After a clean install and going through system startup without using iCloud’s services, I notice that the process apsd makes a persistent connection with an IP address of the 17/8 range. There are always three connections: one at port 443, port 5223, and other ports for mail, etc. These hosts are either Apple engineering or Apple data centers, where many have reported abuse. I am in the process of characterizing my devices due to malware, so I must distinguish between typical and non-typical behavior.
APSD is used for APN or Apple Push Notifications, so it is used for many of the factory apps. But it is also used for managing devices such as an MDM service. The network traffic at times can be as high as 10 MB Sent and 2 MB Received on a typical day. I have had consultants look over my logs, and they have suspicion that I have been enrolled in mdm without my consent. It is working through configured profiles with Apple’s legacy managed system known as MCX.
I am looking for advice and verification of the hypothesis that this communication may be indicative of my devices being managed.
MODERATORS: Please repost my second question titled “Installed Plugin by Apple Normal”. It has been closed by a moderator as being a “duplicate”. The first question I posed wad deleted because you claimed that it had too many questions inherent to it. So I took one question out and reposted. It is important that I get that one answered. Thank you.