How to disable Apple Push Notification Service (apsd) which is trying to bypass firewalls

Question

I am using an iMac at work, and the IT security guys are raising issue with the Apple Push Notification Service (apsd) trying to bypass the proxy continually.

I would like to know how I can disable apsd from running.

Answer 1

I figured out that I needed to enter the following in the terminal:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.apsd.plist

I did this already, and it seemed to fix the issue, but would love to know if this is the advisable way to solve the problem.

========================================================

Also, in case you want to enable the process afterwards, you can use this:

sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.apsd.plist

sources:

https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/launchctl.1.html

http://www.cyberciti.biz/faq/disabling-unnecessary-mac-osx-services/

Answer 2

Little Snitch is a means to solve this problem. It doesn't answer the original question (which is how to disable apsd from running), but it can solve this sort of problem, albeit in a bandaid way, that the author of the question has.

With Little Snitch in place it's one button click solution to never hear from apsd again...

Answer 3

Little snitch will only work for a little while. APSD will continue to try to connect to multiple ip addresses once you "deny" connection. I had to do it like 40 times, then when I thought everything was blocked it started doing it again a couple months later relentlessly. Turn the stupid process off.

Answer 4

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.apsd.plist

this will completely stop apsd as your background service. Similar in linux, for those process that are running in /etc/inittab

Answer 5

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.applepushserviced.plist

For 10.7.5 FYI. The service name is expanded.

Answer 6

Maybe, it will be a safer alternative to use Little Snitch and a customized Hosts File to Block Apple stuff you don't want (If you are not planning to use Apple related services such as FaceTime, Messages, App Store and so on) You could also block, at the DNS level, Apple related domains that such process use.

Per Example:

Hostnames: a1441.g4.akamai.net init-p01st.push.apple.com.edgesuite.net init-p01st.push.apple.com IP Addresses: 184.28.188.170 184.28.188.163 --- Hostnames: 35.courier-push-apple.com.akadns.net 24-courier.push.apple.com 21-courier.push.apple.com 13.courier-push-apple.com.akadns.net 9-courier.push.apple.com 6-courier.push.apple.com 32.courier-push-apple.com.akadns.net 13-courier.push.apple.com 34-courier.push.apple.com 17.courier-push-apple.com.akadns.net 34.courier-push-apple.com.akadns.net 47.courier-push-apple.com.akadns.net 46-courier.push.apple.com 39-courier.push.apple.com 9.courier-push-apple.com.akadns.net 47-courier.push.apple.com 11-courier.push.apple.com 43-courier.push.apple.com 14-courier.push.apple.com 19-courier.push.apple.com 41-courier.push.apple.com 8.courier-push-apple.com.akadns.net 1-courier.push.apple.com 24.courier-push-apple.com.akadns.net 17-courier.push.apple.com 21.courier-push-apple.com.akadns.net 10-courier.push.apple.com 38.courier-push-apple.com.akadns.net 38-courier.push.apple.com 6.courier-push-apple.com.akadns.net 32-courier.push.apple.com 8-courier.push.apple.com 35-courier.push.apple.com 18-courier.push.apple.com 1.courier-push-apple.com.akadns.net 43.courier-push-apple.com.akadns.net 11.courier-push-apple.com.akadns.net 10.courier-push-apple.com.akadns.net sjc-courier.push-apple.com.akadns.net 19.courier-push-apple.com.akadns.net 18.courier-push-apple.com.akadns.net 14.courier-push-apple.com.akadns.net 46.courier-push-apple.com.akadns.net 41.courier-push-apple.com.akadns.net 39.courier-push-apple.com.akadns.net IP Addresses: 17.249.28.28 17.249.28.27 17.249.28.30 17.249.28.19 17.249.28.36 17.249.28.22 17.249.28.31 17.249.28.12 17.249.28.21 17.249.28.25 17.249.28.32 17.249.28.8 17.249.28.24 17.249.28.10 17.249.28.18 17.249.28.11 17.249.28.33 17.249.28.34 17.249.28.13 17.249.28.23 17.249.28.26 17.249.28.35 17.249.28.20 17.249.28.15 17.249.28.17 ----

The above, is just a small example of all Apple's process / services phoning home. The full list is Extensive. I block them at both; At the App level (Using Little Snitch) and at the DNS level (Hosts File) because they Tend to bypass or go around the back of VPN connections. So, I consider them a Privacy and Security Breach. I Love my Mac, but I don't use any apple related apps and services.

AS per Little Snitch, you have to Uncheck some predefined settings. So, next time an Apple process kicks in, such as the apsd process, you can then choose to block all outgoing connections.

To Edit the Hosts File on your Mac, Open Finder, Go to Folder, write: /etc/hosts and the open using TextWrangler. Don't forget to use 0.0.0.0 as a Prefix on all your entries, you can use other commands on TextWrangler such as Sort, Add Line Breaks, and so on. Then, just save and reboot.

If you try to Disable some Apple process via Terminal, you may be required to disable first SIP, which I personally preferred to live it alone. (Operation not permitted while System Integrity Protection is engaged)

Answer 7

Want to improve this post? Provide detailed answers to this question, including citations and an explanation of why your answer is correct. Answers without enough detail may be edited or deleted.

Another solution would be to use Little Snitch and to block apsd from there.