David Dudok de Wit, co-founder of Alix, makers of the TripMode utility for controlling your Mac’s data usage on slow or expensive networks, has written a post on Medium outlining an Apple change in macOS 11 Big Sur and its consequences. (There’s also a huge Hacker News discussion.) In Big Sur, Apple will start enforcing an exclusion list of more than 50 Apple apps and processes that allows those apps to bypass oversight and control from application-level firewalls. The list first appeared in 10.15 Catalina but wasn’t enforceable for apps with network kernel extensions, as used by apps like TripMode, Little Snitch, and others. Big Sur changes that, essentially requiring such apps to use different APIs that honor Apple’s exclusion list. You can see the list here in Catalina or Big Sur:
I don’t believe this move shows any grand conspiracy to undermine TripMode or Little Snitch. I suspect it’s just another change that Apple has made—perhaps in the name of overall security, perhaps merely with no thought to what developers and users want—that has an unintended and undesirable consequence. It’s reminiscent of when Apple quietly prevented apps like BusyContacts and HoudahSpot from indexing Mail’s email archive in Catalina, regardless of how you set your permissions. Nevertheless, it’s disappointing, and if you’re bothered by the move, let Apple know via its Feedback Assistant.