You can't trust macOS Privacy and Security settings

Apple's macOS privacy settings for Files & Folders are revealed to be surprisingly misleading, as an app can retain access to protected directories even after explicit GUI revocation. This discovery sparks debate among Hacker News users about Apple's security transparency and the practical efficacy of their sandboxing model. The only reliable fix currently involves a specific Terminal command and a system restart, highlighting a significant UX and security disconnect.

Score: 193 | Comments: 71 | Highest Rank: #1 | On Front Page: 4h | First Seen: Apr 10, 4:00 PM | Last Seen: Apr 10, 7:00 PM

The Lowdown

The article "Why you can't trust Privacy & Security" by EclecticLight.co exposes a critical flaw in macOS's Files & Folders privacy settings, demonstrating that applications can maintain access to protected user directories even when the system UI indicates that access has been revoked. The author uses a custom app, "Insent," to vividly illustrate this persistent access, highlighting a significant discrepancy between perceived and actual privacy controls.

  • The demonstration begins by granting Insent explicit access to the Documents folder, then explicitly revoking it via System Settings' Files & Folders pane.
  • Crucially, if the user then interacts with the Documents folder through an Open/Save Panel (an "intent-based" access), Insent surprisingly regains full, persistent access to the folder.
  • The System Settings GUI continues to show the access as revoked, creating a false sense of security for the user.
  • The underlying mechanism involves macOS's Transparency, Consent, and Control (TCC) system and its interaction with sandboxd. User-initiated "intent-based" access through the Open/Save Panel appears to bypass TCC's explicit consent requirement, granting access that isn't reflected or controllable in the Privacy & Security settings.
  • The only known way to truly reset this persistent, hidden access is to use a specific tccutil command in Terminal and then restart the Mac.

This behavior exposes a significant gap between the user interface's representation of privacy controls and the actual permissions granted to applications. It implies that users cannot reliably trust the Privacy & Security settings to reflect or manage application access to sensitive data, raising serious questions about the integrity of Apple's security model.

The Gossip

Permission Puzzles & Persistency

Many commenters were surprised by the article's findings, particularly that revoking permission in the GUI doesn't actually revoke it if "intent-based" access (via an Open/Save panel) occurred previously. While some argued it's merely a UX bug or an unintuitive feature, others emphasized the misleading nature of the UI as a serious trust failure. There was significant debate on whether implicit intent grants should permanently override explicit revocations, with many agreeing the UI should at least reflect the *actual* state of permissions.

Apple's UI/UX & Security Saga

A significant portion of the discussion critiqued Apple's overall approach to security and user experience. Commenters compared the macOS sandbox/TCC system unfavorably to Windows UAC, citing "permission fatigue" and unreliable UI toggles. There's a sentiment that Apple's attempts to retrofit robust security onto a desktop OS often lead to confusing or broken experiences, with some users recalling past instances of Apple software bypassing VPNs or their own apps being exempt from certain permissions.

Trust & Transparency Tussles

This theme delves into the broader implications for user trust in closed-source systems and Apple's privacy claims. Some users expressed fundamental distrust in Apple and other large corporations, advocating for open-source alternatives like Linux or client-side encryption as the only true path to privacy. The hidden persistence of permissions, coupled with the need for arcane Terminal commands to fix them, fueled skepticism about the transparency and user control offered by macOS.