This prompt is not even tied into the underlying TCC system; it's basically purely decorative. Failing to respond to the prompt, or responding "Open System Settings" to the prompt, does not even revoke the existing permission.
The prompt is also not even tied to the application bundle's code signature; tampering with the signature will not re-trigger the prompt. Nor will the prompt be re-triggered even if the application's entire bundle ID (com.example.example) changes.
No; the only way to re-trigger this prompt for an application is to rename the app bundle itself. That's right. Renaming Test.app to Test-dumb.app will trigger the prompt when nothing else will.
This isn't really worth criticizing that much because the prompt I think is designed as purely like a "don't forget about this" type of measure, and not one tied into actual security. But also that speaks greatly to the design challenges facing the TCC system more broadly, that this type of thing is seen as necessary.
Wow, tinyapps.org is still around? Having a nostalgia moment when I downloaded their curated apps onto my ZIP100 to try on my home computer running Windows 95.
And who still remembers analogx.com?
Back then, my download site of choice was happy puppy.
[deleted]
I thought this was a good thing. I want to know what I missed when removing/disabling things that open at logins, run in the background, and have extensive permissions.
> I want to know what I missed when removing/disabling things that open at logins,
All the permission grants are summarized in system preferences. Much more elegant to go do your own audit than have to respond to nag screens.
The nag screens are an inferior Windows security feature (think UAC) no doubt manifested as a result of The Bozo Explosion which Jobs managed to fend off for about a decade or so.
AFAICT, Apple excludes all their own apps. Seems like a way to try to get people to use Apple's apps over everyone else's. Just to check, I pick the Quick Time Player. I pick "New Screen Recording". No prompt.
I thought all apps using the new window picker API were excluded and that includes most of Apple's apps?
This is correct - the mechanism seems like it’s primarily for shaming developers that don’t use the new API
Don’t let facts get in the way of Apple bashing. Apple already does so many legitimately anticompetitive things (see: iOS EU blah blah), so resorting to this low-quality complaining is very lazy.
Too many notifications and you get fatigued which is not good either. Maybe in future the on-device AI will decide whether to notify you. (Hmm this could be an idea, can you use a RPA tool to click those notifications on mac?)
Allowing that to be automated outside of users control is just another security problem to solve. Why not go all in on this and let the apps approve all privileges for themselves, right? So convenient for the user... That just contradicts the very idea of any approvals from user.
I actually think UAC on Windows has this done more clearly and is harder to go around. Wonder how that would work if it was extended for more granular permissions that apps can trigger on demand.
I agree with reducing notifications, but not at the expense of critical notifications. For more than a decade, I have eliminated all forms of notifications and have been selectively allowing the ones that need to notify me. I believe that this falls under the "OK to notify."
This prompt is not even tied into the underlying TCC system; it's basically purely decorative. Failing to respond to the prompt, or responding "Open System Settings" to the prompt, does not even revoke the existing permission.
The prompt is also not even tied to the application bundle's code signature; tampering with the signature will not re-trigger the prompt. Nor will the prompt be re-triggered even if the application's entire bundle ID (com.example.example) changes.
No; the only way to re-trigger this prompt for an application is to rename the app bundle itself. That's right. Renaming Test.app to Test-dumb.app will trigger the prompt when nothing else will.
This isn't really worth criticizing that much because the prompt I think is designed as purely like a "don't forget about this" type of measure, and not one tied into actual security. But also that speaks greatly to the design challenges facing the TCC system more broadly, that this type of thing is seen as necessary.
Wow, tinyapps.org is still around? Having a nostalgia moment when I downloaded their curated apps onto my ZIP100 to try on my home computer running Windows 95.
And who still remembers analogx.com?
Back then, my download site of choice was happy puppy.
I thought this was a good thing. I want to know what I missed when removing/disabling things that open at logins, run in the background, and have extensive permissions.
> I want to know what I missed when removing/disabling things that open at logins,
All the permission grants are summarized in system preferences. Much more elegant to go do your own audit than have to respond to nag screens.
The nag screens are an inferior Windows security feature (think UAC) no doubt manifested as a result of The Bozo Explosion which Jobs managed to fend off for about a decade or so.
AFAICT, Apple excludes all their own apps. Seems like a way to try to get people to use Apple's apps over everyone else's. Just to check, I pick the Quick Time Player. I pick "New Screen Recording". No prompt.
I thought all apps using the new window picker API were excluded and that includes most of Apple's apps?
This is correct - the mechanism seems like it’s primarily for shaming developers that don’t use the new API
Don’t let facts get in the way of Apple bashing. Apple already does so many legitimately anticompetitive things (see: iOS EU blah blah), so resorting to this low-quality complaining is very lazy.
Too many notifications and you get fatigued which is not good either. Maybe in future the on-device AI will decide whether to notify you. (Hmm this could be an idea, can you use a RPA tool to click those notifications on mac?)
Allowing that to be automated outside of users control is just another security problem to solve. Why not go all in on this and let the apps approve all privileges for themselves, right? So convenient for the user... That just contradicts the very idea of any approvals from user.
I actually think UAC on Windows has this done more clearly and is harder to go around. Wonder how that would work if it was extended for more granular permissions that apps can trigger on demand.
I agree with reducing notifications, but not at the expense of critical notifications. For more than a decade, I have eliminated all forms of notifications and have been selectively allowing the ones that need to notify me. I believe that this falls under the "OK to notify."