Friday, November 22, 2019

Detecting Screen Recording Permission on Catalina

Craig Hockenberry (tweet):

All of the solutions presented here have a flaw in one way or another. The root of the problem is that there’s no correlation between your permission to know about a window (via the name in the window list), your permission to know about the process owner of the window (such as WindowServer and Dock). Your permission to view the pixels on screen is a combination of two sparse sets of information.

Here is a heuristic that covers all the cases as of macOS 10.15.1[…]

Most of the new privacy settings in Mojave and Catalina don’t have APIs to query whether permission has been granted. And many don’t even have APIs to request permission. This leads to extra work for developers to maintain changing heuristics and ultimately a more error-prone and complicated process for customers.

Nicholas Ptacek:

It’s such a mess, and so dumb that we have to do crazy workarounds to get what should be built-in functionality. Apple seems to be under the impression that if they make it excruciatingly hard for developers to query permissions, they’ll just give up.

As do some customers when the system privacy database gets corrupted and the only way to fix it is to reboot in single user mode to temporarily turn off System Integrity Protection.

Previously:

Update (2019-11-25): Neil Sardesai:

Latest update to Step Two got rejected from the Mac App Store cause my QR code scanner technically needs screen recording permissions

It doesn’t help that the Screen Recording permission alert doesn’t let you supply a usage description string. And there’s no simple way to check if your app has screen recording permission, making it hard to put up your own explanatory UI

After explaining to the reviewer why screen recording is needed, they’ve asked me to completely change how the feature works, which is nuts. Other Mac App Store apps like 1Password do literally the exact same thing.

4 Comments RSS · Twitter

As a user, this whole thing sounds exceedingly dumb, and indeed dangerous. If I’m understanding this correctly, because Apple isn’t supplying a a reliable way to query permissions, developers have to figure out every conceivable use case (best of luck with that), and code for it in hopes they can guess whether an action was successful? And if the developer fails to figure out every conceivable case, a function just fails, probably silently?

Users will believe the app is busted and blame the developer. Or, users will think something succeeded when it didn’t, and data loss will result. This is terrible UX.

Apple sucks for doing this but I find it hard to sympathize with developers putting things on App Store then complaining about their stupid rules. Don't put your app in the App Store!!!

@bob The problematic permissions stuff applies to apps outside the App Store, too.

[…] Until Apple gives 3rd party developers a way to properly request the permissions we need to build th…, hacks like these are going to be the norm. […]

Leave a Comment