Tuesday, July 23, 2019

Annoying Catalina Security Features

Jason Snell:

After 24 hours of trying to use Catalina in earnest with all my data and apps intact, the new security features are incredibly annoying. Apps constantly asking for permission to see various folders, lots of relaunches and trips to System Preferences. It’s really unpleasant.

At WWDC Apple’s presenters said they would not prevent you from running software you wanted to run on your Mac, but these interface choices are disaffecting. It feels like my Mac is fighting my choices every step of the way, and there’s not even a button to turn it all off.

Erik Schwiebert:

Apple is going to end up learning the lesson Microsoft did with Vista’s UAC prompts. Users end up getting conditioned to blindly click OK because the “security” just gets in their way. It’s a mess.

Mark Hougaard Jensen:

I, apparently as the only one, think it’s great. I found out for instance that Google’s “backup from this Mac” app wants to log all of my keystrokes. I’d never have known if Catalina didn’t tell me.

[Update (2019-07-26): I’m not sure what this is referring to, as apps such as TextExpander and Dash that need to monitor which keys you type have long needed to ask for accessibility access. There’s speculation that the warning is about registering a global hotkey, in which case it sounds like it’s misleading or was misinterpreted by Jensen.]

Kyle Howells:

They won’t actually prevent you from the running software. They’ll just limit how much they can do and make what they still can do impossibly annoying to use until you voluntarily give up and stop using them.

Bryan Jones:

Agreed. It also irritates me that GateKeeper is automatically re-enabled periodically.

I constantly have to turn it off in Terminal just to open a bash script marked as executable in a text editor.

Brad Brown:

The worst so far for me is that all my QuickLook plugins are blocked, and while permission dialogs are annoying for other things, I can’t even find a way to whitelist those plugins anywhere.

John Gruber:

I sincerely think Apple should add a single “expert mode” preference to OK all of this at once. Maybe even make it something you have to type in Terminal, to discourage looky-loos, but something you only have to do once.

Peter N Lewis:

I think the security preferences needs to be flipped over, so applications are listed, and then permissions associated with them, with a big red switch at the top for “allow all”.

Daniel Kennett:

Modern Mac development! \o/

James Thomson:

Honestly, this is all part of my decision not to rewrite DragThing. The writing is on the wall for system level utilities, even if it’s tolerated currently...

Peter N Lewis:

[It] is clear Apple wants to stop all levels of unapproved workflow apps, despite it being essential both for business and even more so for accessibility assistance.


Transmit 5.5.2, released today, will be the last version to support the current iteration of Transmit Disk. To prepare Transmit 5.6 for Catalina, we must support hardened runtime, which means dropping Transmit Disk and OS X El Capitan (10.11).

Wil Shipley:

App sandboxing has set app development back more than anything else. I love security but it was designed wrong from the beginning. Should have just replaced the system calls instead of trying to be invisible and magic.


It wouldn’t have been trivial to create a new set of API calls that were secure and remove access to the old ones, but it would have been a billion times better for developers and users than the current hyperlink nightmare.

Daniel Jalkut (tweet):

The Catalina 10.15 public beta identifies software that has not been notarized as potentially risky because it “cannot be scanned for malware.”

Peter N Lewis:

And the (“cannot be scanned for malware.”) is such a lie, since Apple could clearly just check it at that point - why not just add a Scan button, and have it scan using the same process. Why? Because Notarisation is about controlling developers, not about security.

macOS doesn’t even tell you that there’s a way to bypass the check by using the Open command in the contextual menu.


Update (2019-07-24): Kyle Howells:

“Locking everything down that they can” is exactly what they are doing. And it’s killing the mac. If you lock everything down, you no longer have a powerful computer capable of anything I want to do, you have an iOS device with a different UI.

Dave Mark:

Disheartening. This is the first Mac beta I can remember that didn’t call to me. 🙁

Peter N Lewis:

This is the first OS X where I really really don’t want to upgrade for reasons other than concern about bugs. This drops support for 32-bit, breaking lots of old games and tools, and adds a whole bunch of security theatre road blocks.

Shawn King:

Same here. This is the first OS X version I won’t upgrade until I’m forced to.

See also: The Talk Show.

Update (2019-07-26): Martin Pilkington:

I think the first time I encountered it was opening an Xcode project from the desktop. Understandable if wanting to access the desktop directly without any user input, but seems a tad overkill for those cases where I explicitly tell an app “open something in ~/Desktop/Foo/”

Rosyna Keller:

Yes, that is supposed to be inferred access. Through the betas, inference is getting much, much better.

See also: Reddit.

Update (2019-07-29): Peter Steinberger:

Anyone seen that one yet? App doesn’t start anymore, no idea how to fix.

Message from debugger: Error 1

The fix:

sudo DevToolsSecurity -enable

Finding that took me 3 hours. Yay.

Update (2019-08-13): Craig Hockenberry:

This constant barrage of security permission dialogs on Catalina would be a lot less distasteful if a modicum of thought went into the user experience. Everything about the flow, including help that’s incorrect when you click on ?, is about accessibility, not the user’s goals.

Update (2019-08-16): Joe Barbour:

Could you explain why @sip_app wants to record my entire screen? No where in your terms of service does it state you will record the users screen, this is illegal.

Paulo Andrade:

Sip is a color picker. The warning in Catalina makes its users feel insecure...

See also: The Talk Show.

Update (2019-08-20): Paul Kim:

In case you haven’t figured it out yet, third-party System Preference panes on Catalina are loaded into a separate “legacyLoader” process. Can’t find any mention of this and had to find out through back channels. This is also responsible for all sorts of display bugs. Lovely.

Update (2019-12-20): John Gruber:

I have not touched the Simulator in about 24 hours. I just got this alert while I was typing in MarsEdit and really in the flow. The modality of the alert interrupted me mid-sentence.

Update (2020-01-30): Steve Troughton-Smith:

Speaking of Catalina and its dialogs, this daily popup drives me crazy. No indication what causes it, and if I don’t enter my password I can’t continue using the machine. Checking Activity Monitor suggests it’s Mail-related

41 Comments RSS · Twitter

The whole Apple developer experience just isn't fun anymore.

And, increasingly, it's feeling like the Mac user experience in general just isn't fun anymore. Pretty much just cognitive inertia and two or three apps keeping me around at the moment.

Totally not looking forward to this

Wasn't Snell one of the few people saying we should embrace all of these major changes with open arms just last month?

Also: Catalina looks like it will be the first OS X that I will not upgrade to in YEARS. So far it sounds like a train wreck: 32 bit apps will no longer work, everything else will be on lock-down, and iTunes is gone -- then there's a bunch of new stuff like Podcasts and TV apps, iPad Sidecar, Screen Time, that I don't care about.

I see zero reason to upgrade.

I tried 10.15 on a test machine: opened Safari to download something, and it now gives a prompt warning you that you're downloading a file! FFS. No such warnings using App Store I'm sure.

This is iOS unification folks, macOS will be whittled down to an iToy.

> two or three apps keeping me around

I had kind of an epiphany recently. It's pretty trivial to virtualize macOS on Windows nowadays. So now I have a full-screen OS X installation on my Windows laptop that I can just switch to when I need to, say, open an OmniGraffle document. This has given me the peace of mind to stop using my MacBook Pro altogether.

> Lukas

Crazy that Windows can now be considered a better user-experience than macOS... How times change.

I still develop macOS apps, so, for now, I'm tied to the platform. With the direction macOS is headed I would probably have switched to Linux a year or two ago otherwise.

I upgraded to Alfred 4 the other day (on Mojave). There were a total of 4 system permissions required during the first-run process (Accessibility, Full Disk Access, Automation and Contacts). The first two in particular are a total pain to enable (authenticate to unlock, set permission, re-start app). When enabling Accessibility macOS prompted me to restart Alfred, which would not quit, then the entire macOS UI froze - I could do nothing, even though processes still seemed to be running. Had to hard reboot to get back again. Whether this was caused my macOS or Alfred I don't know (macOS I guess), but either way the user-experience is absolutely terrible. Security is a trade-off, but even Mojave has the balance wrong. Badly wrong.

At the time of this writing , I’m not planning to notarize the freeware I’m distributing. My goal in life is not to pay 99$ a year to have the right to distribute free (and open source) software.

I'm still on High Sierra and honestly I'm not sure if there's a good reason to upgrade to Mojave, other than not being too far behind when Catalina is released.

Ah, I'm glad you found a way to do it. My last attempt a year or so ago didn't yield a usable VM. My existing plan is to run High Sierra on a 2010 Mac mini and use VNC, but the VM approach might be better.

Now you've got me considering a Ryzen 9 just to have another 2 cores to put towards that...

@ stephane
Unsigned apps will run like before. But apps signed with a Developer ID certificate needs to be notarized.

@galad Apple’s documentation says “Beginning in macOS 10.15, notarization is required by default for all software.”

Beatrix Willius

Catalina sucks. There is no other word for it.

I got the "log all keystrokes" warning from 2 apps, too. Pretty sure that this is another bug. Among the many many bugs that Catalina has.

[…] Annoying Catalina Security Features – Michael Tsai […]

@galad I don't mind codesigning apps. I'm just just against having to pay a trillion-dollar company a rent to be able to distribute freeware on its neglected desktop platform.

I'm another Mac (shareware) developer about to call it a day. I started writing apps on 10.6 and it was a joy all the way through to Sierra. Then we started getting the hoops to jump through. I think App Translocation was the first one, then Mojave kicked me in the teeth with the first tranche of "user protections" and now Catalina just takes it to beyond a joke. As a developer, I don't mind jumping through hoops if the user is getting a better experience, but the last couple of iterations of OSX/macOS have made both my development AND my user experience a whole lot more painful. Add to that the constant API churn that seems to mean an app rewrite almost every time WWDC comes round, I feel like the effort outweighs the reward.

>My last attempt a year or so ago didn't yield a usable VM

By default, it won't work, but there are easy-to-find tools on the web that will make disk images bottable on Windows. It was basically two minutes of googling, and then 30 minutes of setting things up. Everything worked on the first try.


Fortunately, they will also make them bootable.

Aye, ended up figuring it out. It's very slow for me, but for reading/writing the occasional iWork or Omni doc it should be fine.

Incidentally, I decided to give a genuine Mac one more fair shake and brought a 27" iMac home, but will be returning it after less than a week. The screen is still too glossy and, despite getting the best standard SKU, the combination of only 8GB RAM + the Fusion Drive makes the experience miserable once the swapping starts (which doesn't take long). Apple should be ashamed at how sluggish this $2,600 (!) computer is. I'd have to spend even more for sufficient RAM and a non-fusion SSD to make it usable, and I'm not comfortable making that investment at a time when there are still so many software quality concerns.

The last thing I want to do is walk away from 15 years of Mac familiarity, habits, muscle memory, and software investments... all in exchange for spending a bunch of time re-learning a different OS. But, I'm not really sure what else to do at this point. All of the Macs are either too expensive or don't fit my needs. And macOS itself is in such a state where, for the first time ever, I'm not even sure I would 'upgrade' to the new version. It's frustrating.

Sören Nils Kuklau

Incidentally, I decided to give a genuine Mac one more fair shake and brought a 27” iMac home, but will be returning it after less than a week. The screen is still too glossy and, despite getting the best standard SKU, the combination of only 8GB RAM + the Fusion Drive makes the experience miserable once the swapping starts (which doesn’t take long). Apple should be ashamed at how sluggish this $2,600 (!) computer is.

I’m not going to defend Apple’s pricing, but there is no $2,600 standard SKU 27-inch iMac, and a configuration with 16 GB RAM and SSD is $2,099. Heck, at $2,699, a hundred bucks above your configuration, you get 32 GB RAM and 512 GB SSD, which is a bit low on the storage side (but it’s a desktop, so external expansion isn’t that annoying), and more RAM than most people need.

Having said all that, I feel like they should just drop some of these low-end configurations.

Ben G, did you mean the article from May where I specifically advocated for a "developer mode" like Gruber? Where I said that Apple seemed to be trying to find a balance between security and usability? Where I advocated for better default security on the Mac? I assume you did.


Slamming me for saying that is like slamming someone for saying they want to read the next (insert name of beloved novelist) novel here, only for it to end up not being very good. It's ALL in the execution, and the execution in the Catalina betas is terrible.

Anyway, I talked about this for about 20 minutes on Upgrade this week.


>It's very slow for me

It's interesting. I haven't enabled graphics card support, and I'm not sure whether enabling it will work, so screen drawing feels a bit sluggish. It's definitely not as snappy as a real Mac (although it does feel much better than remote desktop on a local network). However, all of the CPU-bound stuff executes quite fast. So I don't think speed is the problem, it's just drawing stuff on the screen that makes the whole thing feel a bit slow. Having said that, I'm running this on a Lenovo Legion y740 17 with an i7-8750H, and I'm assigning four cores and 16GB of RAM to the virtual machine, so ymmv.

>but there is no $2,600 standard SKU 27-inch iMac

In Switzerland, the 3,7 GHz 27" standard SKU iMac costs 2’656.83 US$. Not sure if that's the one remmah is talking about, but different people pay different prices for Apple's products, depending on where they live.

Yeah, here in Sweden the 3,7 GHz 27" standard SKU iMac costs 29,066 SEK which is 3,024 in US dollars. It's a combination of different prices in different regions, a higher tax (VAT) and an unfortunately low Swedish crown.

[…] Annoying Catalina Security Features […]

>but there is no $2,600 standard SKU 27-inch iMac

The default 3.7GHz $2,299 SKU + tax + AppleCare = over $2,600 where I live.

What I did: I built a Threadripper (2950x) system, put a lot of ram into it, 2 GPUs, installed Linux, set up KVM and installed macOS into a VM. I passed through the 2nd GPU to that VM. The VM is just as responsive as a native Mac. I do all my Mac development inside that VM. All my day to day computing I do on Linux (Arch btw. + i3-gaps).

This whole setup cost half of the base price of the new Mac Pro and it boasts 128 Gigs of Ram, 16 Cores and 2 modern'is GPUs (Vega64 + Radeon 7).

@Jason Snell
Thank you for taking the time to respond to this thread. I missed the initial conversation surrounding this issue, so without the initial comment by @Ben G and then your response, I would have been left in the dark.

"third-party System Preference panes on Catalina are loaded into a separate “legacyLoader” process"

3rd party screen-savers UI are also loaded in a "sandbox" since macOS Mojave. Which leads to numerous issues with UI (like secondary windows not becoming keys, NSOpenPanel crashing System Preferences.app, NSOpenPanel returning incorrect URLs, etc.).

In Catalina (last beta I checked was b5), the issues are still there, with different symptoms for some of them (e.g. NSOpenPanel is AWOL).

It looks like you don't need to code using Catalyst to create poor user/developer experience on macOS.

[…] Annoying Catalina Security Features […]

[…] Apple can also repeat mistakes that Microsoft once made with Windows Vista, by requiring so many permission approvals from users that they start clicking on them all without thinking. Michael Tsai collected a ton quotes from developers and users who were already worried about this problem in July. […]

In the past, to debug a System Pref Pane, you could make a copy of System Preferences and self-sign it, then use this copy as the debug target. With legacyLoader this is no longer possible. Although you can still make a copy and self-sign legacyLoader, there is no way to force System Preferences to use the modified self-signed copy as it will always launch the built-in, Apple-signed legacyLoader. The only way I can see on 10.15 to debug a prefPane is to disable SIP system-wide. Not a great solution.

Seriously considering downgrading to Mojave because of this. I just downloaded 'Logitech Options' for my new mouse and had to allow access 5 separate times (with quitting the app in between each) to give it enough access to identify my mouse... PITA Apple.

You know what? We should just deal with it. I guess we gotta wait for the next upgrade unless you want to downgrade, but I wouldn't want to, since you have to reboot everything. I mean eventually, things will get better right?

If you don’t push back against slow transition to multi-thousand dollar closed system- Sun style OS glorified iPads with vestigial keyboards and mouse, no it never gets better. “Deal with it?”

Nah, you deal with it. I’m not rewarding Tim Cook for limiting the hardware I bought and just staying on Mojave. Everything works and “if it doesn’t get better” then I still have work to do, I’ll just have some hard decisions to make about what what platform makes my life easier.

Switching back to Windows or pivoting to Linux and throwing Tim Cook OS in a VM. Never buying “new Apple” anything becoming a given. What a timeline.

Most of those annoying things is cause because lack of information from Apple.

For those who are being constantly receiving popup from Gatekeeper when opening some documents, or some app, here is how it works.
Gatekeeper works by reading 1(one) just one extented attribute on any file you open or execute. It reads the `com.apple.quarantine` attribute. This attribute is set once you download a file, or copy it from some neutral/untrusted source.

1) You can check that attribute on terminal, using `ls` command: ls -lea@O

If the file HAS that attribute, gatekeeper may popup on certain conditions (being the most comom: first time you open/execute that file, but there are others), so to get rid of it popping up, you have to REMOVE that attribute. By removing it you are telling the Operational System that you trust that file, you know what it is, and you don't want it to check that file anymore.

2) Cleaning the attribute is easy. On the example below, the command will clean the quarantine attribute on all my VST Components (sound effects) that I use to download and install
sudo xattr -r -d com.apple.quarantine /Library/Audio/Plug-Ins/VST

You can use it to any app:
sudo xattr -r -d com.apple.quarantine /Applications/Quiver.app

Or any document, on which the system is annoying you. You can even tell it to clean all your documents from that attribute:
sudo xattr -r -d com.apple.quarantine ~/Documents/

Thats is all about those prompts "Apple Cannot verify...", "This app was downloaded from abcd do you trust it", etc...

Another way to tell the system that you trust such app you downloaded, is to Open it using the mouse right-button and selecting OPEN. You have to open it 2 (two) times via right-click -> Open, and that will tell the security system mechanism that you Trust that file, and you don't want it to be annoying you anymore. And it will mark that app as Trusted on its internal database (actually the launch database). The extented attribute will continue to exist, but the action of open it 2 times this way marks that app as trusted.

Once you get used to it, its become very simple to do it, because it is just ONE time you have to do it, and the system will be your friend by not annoying you anymore, and you know you are safe because you dont have do disable the Gatekeeper service (as a lot of people do), instead you now understand it, and you tell the Gatekeepeer to trust what you want it to trust.

[…] ratcheted tighter with every recent version of MacOS. Catalina, in particular, is notable for the vast quantity and types of cautions that users are expected to […]

I did a downgrade from Catalina to Mojave 6 months after committing to the former. While that was a painful process because none of the old backups helped in the process, it still turned out to be less of a hassle than the constant fighting with OS permissions in Catalina.

If there were a Mac equivalent of Windows 8, then Catalina would be it.

[…] Apple may be repeating Microsoft’s mistakes when they return to Windows Vista because there are so many permissions from users that the button starts all of them without even thinking about it. Michael Tsai has many collections comments from developers and users were also raised about this issue in July. […]

Leave a Comment