Can nosy apps in one account access files in other accounts?

[OSXphoto]

This is a privacy related question. I set up a separate account on my macbook that I use for apps that I need for my employer's tasks, but that I would rather not have snooping around in my private account.

So are apps able to sniff files across user account limits? I am definitely aware that user files in other accounts are marked read-only and are only accessible for admins, but for all I know this can be easily circumvented. I don't own enough tech savvy judgement to answer this question.

Among the apps I need are google based apps, microsoft office and teams, citrix client, facebook, etc.

For the record I set up a separate VLAN to use with this account and set up rules that block all access but default gateway.

Any input highly appreciated.

 

[velocityg4]

I can't say for certain. But I'd say it is possible if it installs a background service as part of the installation you authorize. Otherwise third party backup software would be useless for multiple users.

Although with those big names. I wouldn't worry. Not because they are saints. But because they are under a microscope by many security pros and if they were doing that. They'd be caught by now. Unlike the closed up iOS. What goes on behind the scenes in macOS is much more easily monitored.

If you're really worried. Run an instance of macOS in a VM for work. Then everything is segregated. Which is what I'd do anyways. As I'd rather all the work software and files to stay out of my main OS.

Although if you are on an M1 Mac. I think you are out of luck running a macOS guest in a VM for now. But Parallels can do a Windows VM on M1 if you jump through a few hoops.

 

[gilby101]

I would expect the question to be the other way round. Your employer might be (should be) concerned that apps you run privately snoop on work related files/data.

If your employer was really concerned you would be provided with a) a work computer and/or b) a work VPN to segregate your work computer from anything else on your home network.

But if your employer is not sufficiently concerned just use the work related apps from your normal user account.

The only app you mention which would bother me is Facebook (which is running in the browser), but nobody seems to worry too much about how Facebook makes its money by snooping on you.

If you are concerned to keep you private stuff separate (even though your employer doesn't care) use a Virtual Machine (via VMware Fusion or Parallels) to run the employer stuff. [Assuming you have an Intel Mac]

 

[OSXphoto]

Actually my employer does supply a Windows laptop and on top of that they use Citrix VPN. However, I do use some apps on my Mac because (1) they work more conveniently that way (I don't like using Windows) and (2) sometimes I just need to get some information while I'm not logged on to Citrix and it's much quicker than doing the entire startup routine.
There were some concerns about a Citrix security leak about a year ago, but IIRC it was on the server end, not on my end. But I just want to be cautious.
Thank you for all your suggestions, that is very nice info!