What is the process EscrowSecurityAlert in Activity Monitor?

macos security malware

I'm a little worried about a process I see in Activity Monitor called 'EscrowSecurityAlert'

Descriptions provided other forums ranges from it being a sign of malware:

The threat to your Mac is CleanMyMac. Delete it.

through to it being harmless:

This should be perfectly fine as something

and descriptions I don't understand (I can't think of anything I use that requires 'data escrow'):

Escrow is a data security measure in which acryptographic key is entrusted to a third party (i.e., kept in escrow). Under normal circumstances, the key is not released to someone other than the sender or receiver without proper authorization. Key escrow systems can be considered a security risk at the user puts access to information into the hands of the escrow agent holding the cryptographic key; however, key escrow systems are used to ensure that there is a backup of the cryptographic key in case the parties with access to key lose the data through a disaster or malicious intent.

Question

Regarding the 'EscrowSecurityAlert' process - is this something that ships with macOS or have I installed it myself somehow?


Yes, it's part of macOS & has been since perhaps Mavericks.

Wikipedia lists it in List of macOS components but provides no description -

The iPhone Wiki gives a brief description

This application works with the iCloud Keychain servers. It manages the password uploads and anything that keychain tools does.

By definition an escrow service is one who acts as a middle-man in a complex or expensive process. It is often used when buying/selling a house. The escrow company holds both the deeds and the money until all parties have completed the legal requirements to transfer the property, preventing either one from 'running off with the money'.

In computing terms it is an arbitrator between two not-necessarily-yet-trusted 'clients'. It prevents any data from one leaking to the other until full trust is established. In effect, it doesn't let anything 'run off with the money'.
This is, in effect, a less mind-numbing version of your last link & quote.


/System/Library/CoreServices/EscrowSecurityAlert.app is part of macOS and is involved in the configuration and maintenance of the iCloud Keychain security code.

For example, prompts for entering the code to configure a new device with access to the Keychain.

If you've ever seen one of these messages, it's a dialog from this app:

  • ESCROW_ELE_ALERT_MESSAGE

    Create New iCloud Security Code
    A new security code must be created because of a change to iCloud Keychain servers.

    (Apple wrote a support article about this message: If you're asked to create a new iCloud security code)

  • RECORD_BURNED_ALERT_MESSAGE

    Update Your iCloud Security Code
    Your security code was incorrectly entered too many times on one of your other devices and can no longer be used.

  • RESET_CONFIRMATION_MESSAGE

    Reset and Turn Off iCloud Keychain?
    All passwords in iCloud Keychain will be deleted, and iCloud Keychain will be turned off on all your devices.

Related

What is the keyboard shortcut ctrl+option+shift+power for?
How do you open UDP ports in a range on MacOS 10.15.7 Catalina
Missing scaled resolution for external 4K display on MacBook 2016
Origin of "come in handy"
When did 'Robot' start implying a machine?
What does 'as favorable to' mean?
What do you call a person who loses interest after achieving something?
Using possessive pronouns for an academic degree (e.g. my masters degree) [closed]
Is the expression Get shed of or get shut of?
"Spelling checker" or "spell checker"?
origin of: sleep tight, make sure the bugs don’t bite
"To steal the show" origin?