Apple started adding user consent alerts way back in High Sierra. The first time an app would try to access your location, contacts, calendar, reminders or photos, a system alert would prompt the user for consent. Mojave expanded these prompts to automation, camera and microphone. And now Catalina adds screen recording, keyboard input monitoring, access to folders such as Desktop, Documents and Downloads, user notifications and Safari downloads…
These alerts are just another step on a long path Apple has been taking to protect users’ data. Previous steps include code signing, sandbox, Gatekeeper, the “curated” Mac App Store and notarization.
But security features are most useful when they’re invisible. All previous steps were mostly invisible. This last one… Not so much.
There’s a lot of complaining going around in Apple circles regarding the latest Catalina betas and the excessive amount of permission alerts and associated user access problems. On his latest podcast, for instance, John Gruber detailed how it took him ages to figure out why the Terminal wouldn’t show him any directory listings, until he realised the Terminal needed disk access permission, but didn’t ask for it.
This is, of course, all quite reminiscent of Windows Vista, and the goal here seems to be to turn macOS into iOS, with similarly harsh restrictions on what users can do on their computers.
What Microsoft did with Vista was the right thing to do. Back in the day with Windows XP I needed to use an administrative account to browse the internet because the dialer app for my internet provider required administrative rights.
> This is, of course, all quite reminiscent of Windows Vista, and the goal here seems to be to turn macOS into iOS, with similarly harsh restrictions on what users can do on their computers.
SELinux might be a better comparison. It’s about sandboxing applications to keep malicious applications from compromising the system, and having a security first posture is good. Mandatory access control (MAC) and principle of least privilege (PoLP) are the two concepts in play here.
This allows the user to have more control over their machine as it prevents malicious software from using the machine against the user. For instance, this is a better alternative to the piece of tape on the webcam. Remove all access to the webcam, and nothing will be able to get access without having to take additional steps. Having a hardware switch to disable the webcam and microphone would be better if they can’t be removed, but being able to disable access is a good measure.
Our computers live in a hostile environment, and anything Apple can do to harden their systems is welcome. This is going to be slightly annoying, but we can’t run wide open systems anymore.
A month ago, I had the same kind of permission issue with Skype, downloaded from Windows Store. I could not make the microphone work at all with it. I could even hear myself with the sound recorder. But god forbid I had probably clicked once the wrong choice on an ill-explained dialog. Took me 2 freaking hours to figure it out and to roam through the legacy and non-legacy config panels in Windows 10.
I’d rather be too careful than not careful enough. If I download an app designed to let me, say, partition a disk and it wants access to my contacts, I’d rather not allow that and it tells me something about the developer of said app. I’d rather Apple fix the bugs in it (not asking permission sometimes, or dialogs not clear) than stop doing it. It’s a far better cry than what we have on other systems, from a user-facing perspective. Systems like SELinux are better for server administrators and those who know how to configure a system and know what they want the machine to do, but asking for permission the first time seems reasonable enough to me as a compromise provided they can smooth out the experience. It’s far from restrictive to ask a user if it’s okay for an app to grab data it may not need.
My only concern is that it might train users to click through everything, the way UAC did. I’m not sure, from a usability perspective, how we solve that problem if we even can.