APSD process with Little Snitch, "non apple connections" strange pokemondb.net :(

apsd is the process that checks for push notifications. It might connect to any server from which you, or another user of the computer, have chosen to receive such notifications.

As for "Little Snitch," you have two choices. If—like me—you think it's useless, time-wasting crapware that interferes with normal system operation and bombards you with pointless alerts, you can remove it according to the developer's instructions. If you want to keep it, refer any questions about it to the developer.

I did read your post, but it's the last one I'm going to read. Good luck.

Hey, could not agree more with your stance here. I've posted some questions that I think are reasonable, and I'm asking them for the same reasons I think you are: one, because I am concerned about security and not willing to leave all my comp's activity unverified just cause it has an Apple logo on it; two, I'm genuinely trying to understand more about how my mac's OS and programs work.

Unfortunately I've had several high-level forum participants making the same vapid points on my forum threads as well...I even had one guy who said that there is no such thing as malware for mac. I'm currently studying advanced cyber security at a graduate level. You are very right to be concerned about your installed programs' network connections [just think about the ntp vulnerability fiasco]. And YES there is malware for macs, and we should be informed and careful about their risks.

If you're interested, feel free to check out my questions by searching for my username...if you happen to know where I could start finding answers to them any help would be much appreciated!

I came across your question because I noticed the same behaviour myself while using LS. Unfortunately I don't have the time to explain everything here in my words but these two links should give you some more information about the apsd process and how your mac is talking to other servers in order to facilitate push notifications:

https://developer.apple.com/library/mac/documentation/NetworkingInternet/Concept ual/RemoteNotificationsPG/Chapters/ApplePushService.html#//apple_ref/doc/uid/TP4 0008194-CH100

https://developer.apple.com/library/mac/documentation/NetworkingInternet/Concept ual/NotificationProgrammingGuideForWebsi…

Our answer may lie here. I noticed that when I turned off javascript in my Safari browser, and cleared most of the cookies out of my browser's cache, the network activity from apsd going out to non-apple sites disappeared from the network monitor on LS. Here's my proposed theory. The apsd process is facilitating connections to the websites that we visit using the browser in order to coordinate the pop-up windows that you sometimes get when visiting a website. For example, I noticed that soon after visiting forbes.com and receiving a pop up, I saw that apsd had just recently connected to some forbes.com domains. In your case, perhaps you visited a website that showed you a popup add for something to do with Pokemon [think the monsters] or for some service or website called pokemond.db? In that case no malicious activity would be happening...just some browser back end stuff to help facilitate smooth browsing [and advertising to you]. Also, it's encouraging that when I eliminated the cookies from browser, these connections seem to have stopped.

I'm not sure how people gain levels or points in these forums; I'm new to them...but if you know how and you found this post helpful, I'd appreciate the "like" or whatever the recommendation process is. Cheers.

Let's not be ***** here.

<Edited by Host>

You can like or dislike Little Snitch, and you can be for or against transparency, you can support or oppose the inquisitive mind and the search for answers, but there is an underlying problem here, that has nothing to do with Little Snitch. It is the fact that a process like APSD even exists. We give privileges to apps and users that we trust, and deny privileges to others. This is circumvented by going behind our backs. This isn't just normal system operation, and in fact it even interferes with what I would call 'normal system operation'.

I'd appreciate you deleting your first post Linc. The asker says it's a bad answer. It didn't help me either. Not sure why it is marked as solved. I'm still looking for an answer to the original question the asker made. If any moderators see this please "unsolve" the question. It's still open.

I'd like to know what system operations will be affected if I simply disable APSD in a manner as others have pointed out. Will Messages or Calendar continue to operate fully? Will disabling APSD affect any Continuity features of OSX 10.10+?

Hi,

Messages when the iMessages accounts is active get them from a server that Pushes.

The OS needs to be accepting these to be able to get the right app to deal with them (I know that is a little simplistic).

Messages or rather the iMessages account will not work if your turn that process Off.

I don't use Calendar/iCal or know which other apps might use this process and not work if it is turned Off.

I don't think I have ever seen the Host "Unsolve" the Post that has been selected.

Only the Original Poster can select it anyway. Some do get marked Recommended instead which does seem to be a Host intervention but that is a recent thing and this Thread and the Solved post look to be before that started.

This part of Linc's post is correct.

apsd is the process that checks for push notifications. It might connect to any server from which you, or another user of the computer, have chosen to receive such notifications.

Obviously "Chosen" can be a relative term and you might have to search several apps to find out what servers they might connect to.

9:50 p.m. Monday; October 12, 2015

Thanks Ralph. That's what I need to know. I appreciate your answer. I'd still be interested to know if other apple services apart from iMessage accounts use APSD.

The first answer may have been factually accurate but it was incorrect in the context of the question first asked. The asker stated they already had the general information about the service so nothing was added by the first answer (except inflammatory insults about the askers software setup). Your answer was different for me because there's a big difference between saying "any server... you have chosen" and saying "iMessage accounts [use] that process". It's important because I don't consider iMessages something I have specifically subscribed to but rather a service that is part of the Apple ecosystem.

In general, I would say this question highlights a problem users have identifying the difference between the OSX operating system and the OSX ecosystem extras, such as iMessage services. When Little Snitch puts forward a question about a service it is the first thing that runs through my mind, "Is this an OSX service?" or "Is this part of iMessage, iCal, or iCloud?" or "What functions will be if I disable this?" This is an easy question to answer for Google Services and Adobe Services because I am not using a Google OS or Adobe OS. However for OSX it becomes quite ambiguous whether it is core OSX functionality or ecosystem extras. Obviously this is not a unique Mac firewalling issue yet it would be great to have detailed information about the variety of OSX services (especially those part of iMessage, iCal, Pages, etc).

Hi,

I do use Little Snitch and you can see which Processes are currently linked to APSD

As you can see it includes the iCloud domain and the local Network (effectively Bonjour stuff) and to the webdavfs_agent to idisk.me.com.akadns.net servers which I think is the Contacts app sync stuff.

I will admit to mostly posting about Messages or iChat and some of this is beyond what I have learnt.

The "Any Process" items do have the cogwheel next to them to say they are System items which does tend to mean Apple Items.

However I could also not say that with entire certainty.

Actually Linc probably knows which items in the OS and the Apple apps that meet this criteria.

This Search is not that informative https://www.google.com/search?q=Push+Mac&ie=utf-8&oe=utf-8#q=Apps+that+use+Push+ Mac

9:11 p.m. Tuesday; October 13, 2015

Every time I try to go to where this discussion as branched, it tells me that access is "unauthorized" and I should speak to who ever sent me. Which was Apple.

Anyway, fugnug, I can confirm I've also got unacceptable connections coming from apsd. Little Snitch had this listed as a protected rule, "Protected rules are essential for smooth system operation. In general it’s therefore not recommended to disable these rules."

Apple says that apsd is part of "notifications". I took this to mean the three lines in the upper right hand corner, that can tell you messages from applications, essentially. What song is playing on itunes.

That's absolutely not what it is being used for.

I have no applications relating to the connections it wants to make. I visited a Wall Street Journal page, something I pretty much never do, and now I've got incessant blocked requests in the activity, when I look at the history of what apsd is trying to do. There are also other media-related urls in there, but absolutely NOTHING that I've installed on my computer, no application, no widget, and I have it set to the most private, least cookie-accepting, no-DOM-storage making, Flash-trashed, NoScripted settings that I can possibly manage. Just because you're paranoid doesn't mean they're not out to get you, because clearly, they are.

To the individual who stated, "apsd is the process that checks for push notifications. It might connect to any server from which you, or another user of the computer, have chosen to receive such notifications." I can tell you, nope. Never chose that. I'm the only user. And, nothing ever comes up in notifications that is related to these urls. As Little Snitch explains, apsd is a Backgroud Process. There is no GUI involved and no result is ever evident in Notifications that would be related to these urls actually wanting to notify me. It is only possible to tell with an application like Little Snitch, and then you can't trust the explanation of the rules they have said you need for "smooth operation". You have to go deep into those rules. So, in short, you are free to imagine about anyone using Little Snitch that they are all using crapware, and we are free to think that you're just another guy who thinks screwdrivers don't work because he doesn't know they turn. You don't pound.

Right. So I just wanted to say, that whatever zombie cookie has installed itself, in spite of SIP, which won't let me keep the modifications I actually used, it has just clean allowed the Wall Street Journal and any other comer to modify a "Background Process" for its own purposes. Make of that what you will.