Question about Privacy settings

[mac_in_tosh]

In the Security and Privacy system preference, in the Privacy tab, there is a Files and Folders item and it says "Allow the apps below to access your files and folders." Can someone explain what this means? Programs that are not even in the list, such as Pixelmator, can open files. Programs that have Desktop Folder unchecked nevertheless can access desktop files.

So what exactly does this system preference mean?

Thanks.

 

[hobowankenobi]

It would be good if Apple made this more clear. As I understand it, occasionally an Application might request/need to see access to protected folders. Rather than letting applications have access to essentially all folders (as was the case in older OSes, now the Application(s) need to be granted access.

That part is fairly reasonable. The vague part is...exactly which folders? No obvious way to know. I think we can assume folders that typically a user may not have unfettered read/write access to, but it would be great to know.

On top of that, Apple keeps changing (tightening) security-based access limitations. While that's good with regard to hardening the OS against hacks or attacks, it also means a moving target for users to know/understand limitations. MacOS 11, for example, introduces the SSV.

Up to at least 10.15, if an app needs specific access to any directory it does not have by default/automatically, it should prompt you to add that app to this list...assuming you trust the app and approve of what it is doing. Overview here.

 

[jz0309]

agree with @hobowankenobi that is is not totally clear, see Apple's support doc below ... I think it is for websites and apps that run on these websites ... I do not think it is for apps that are installed locally ...

Control access to files and folders on Mac

On your Mac, control which apps and websites can access your files and folders in your Desktop, Downloads, and Documents folders.

support.apple.com

 

[kullerhamPster]

I'm also very confused about these settings. A few days ago I noticed that "Visual Studio Code - Exploration" (the insider edition with support for ARM) asks for permission if I want to store something on my desktop, but even though I denied it was able to store the file there. Terminal, on the other hand, also asks and is unable to access those folders if I don't grant permission.
Other apps, such as Word or Libreoffice, are able to access these folders without ever asking and also don't appear in the list in Privacy -> Files and Folders.
If this is meant as a security feature, it doesn't seem to do a good job atm.

 

[satcomer]

In the Security and Privacy system preference, in the Privacy tab, there is a Files and Folders item and it says "Allow the apps below to access your files and folders." Can someone explain what this means? Programs that are not even in the list, such as Pixelmator, can open files. Programs that have Desktop Folder unchecked nevertheless can access desktop files.

So what exactly does this system preference mean?

Thanks.

If you really want privacy download the shareware Little Snitch. Think as a reverse firewall on every connection to the Internet and you’ll be surprised on home many programs call other places than home!

Also download the chromium Browser Brave Browser to block all add trackers instead of memory hog Crome!

Lastly consider using a local VPN service because your local ISP is worst at tracking!

 

[kullerhamPster]

I tried a few more programs, and it seems that most apps downloaded from the App Store can simply access those folders without permission, whereas the dialog to request permission appears for apps downloaded elsewhere.
For most of the apps that do ask, it doesn't seem to matter which answer you choose, the folders are accessible afterwards (even though the box in the privacy settings is unchecked). The only two apps I found so far that seem to care for this restriction are Blender and Terminal.

It would be great if someone would try to reproduce said behaviour, because I would like to know if this is a general issue or something that only happens with specific configurations.

I'm running Big Sur 11.1 on an M1 machine, the issue already existed with 11.0.1.

I think that basically every app not downloaded from the App Store can be used for testing purposes.

 

[Quackers]

If you download an app and it requires access to your files you get a pop-up asking you if you want to ok it.
I suspect that entering the app in this field stops that happening.

 

[kullerhamPster]

If you download an app and it requires access to your files you get a pop-up asking you if you want to ok it.
I suspect that entering the app in this field stops that happening.

What field?
The pop-up does appear, but for some apps, the app can access the folder it asked for afterwards no matter what I choose (and the pop-up never appears again).

 

[Quackers]

What field?
The pop-up does appear, but for some apps, the app can access the folder it asked for afterwards no matter what I choose (and the pop-up never appears again).

In the field that the OP was asking about
If you enter the app into that field it will never ask for your permission.
I realise it only asks once anyway but I suspect this is what that field is for.

 

[kullerhamPster]

In the field that the OP was asking about
If you enter the app into that field it will never ask for your permission.
I realise it only asks once anyway but I suspect this is what that field is for.

Ok, now I got it
I also think that this is the purpose of that field, but there are per-folder checkboxes beneath each app, so I would guess that it should also be possible to revoke those permissions. But for most apps, checking or unchecking these boxes doesn't seem to change anything. Pretty odd...