Monday, November 13, 2023

A Picture Is Worth a Thousand Permissions Requests

Jason Snell (Reddit, Hacker News):

Due to an extremely weird series of troubleshooting maneuvers, I recently found myself having to set my Mac up from scratch without migrating any of my preferences for the first time in longer than I’d like to admit.


More than anything else, though, the experience reminded me that Apple has a lot of work to do when it comes to making the experience of upgrading or migrating to a new Mac more pleasant—and that its Security and Privacy team clearly has too much say in the overall macOS experience.


Pick your poison: You can die quickly thanks to a barrage of privacy warnings, or you can die slowly by having to deal with privacy warnings every time you run a new app. Either way will kill you.


macOS needs to find a better way to let users broadly approve permissions for specific apps. Why am I asked to approve three or four items in sequence instead of being given some sort of simple window indicating all the permissions that are being requested, allowing me to approve or disapprove individually or all at once?

Joe Rosensteel:

I paused, and I read that a few times to make sure I was comprehending the warning. I was warned that the application was downloaded from the internet (I downloaded) and asked “Are you sure you want to open it?” because I had double-clicked on it to open it. Both of those things were definitely true, so what does the little gray text mean? Oh, it wants to tell me the time it was downloaded by Safari, which I guess I could put in my personal journal, but most importantly that Apple checked it for malicious software and none was detected.

Are you sure you wanted to do the thing that you told the computer to do even though it’s safe?!

Mike Rockwell:

macOS feels more restrictive and more annoying to use with each release. Despite having the best hardware in the industry, the operating system is starting to push me toward alternatives.

Jason Snell (Hacker News):

My point wasn’t to ask Apple to make the Mac less secure. It was for Apple to find some ways to improve the user experience while keeping Mac users safe by default. It feels like there’s an imbalance where security is being prioritized but the user experience is allowed to lag, and it’s a problem.


Here’s a screenshot I took right after my new Mac booted for the first time after migration[…]

What’s happening here is that Migration Assistant has migrated all my apps, and has automatically launched any of them that are listed in Login Items or are set to automatically launch in the background. They all launch, all at once, and every single one of them then prompts me for permission to do all the things they already had permission to do on my previous Mac.


Setting up a new M3 iMac should be a pleasure. When I was done, I felt like a swarm of bees was buzzing in my head.


Update (2023-11-20): freediverx:

Mac Vs PC commercials - Cancel or Allow?

Update (2023-12-06): John Gruber:

I went through the exact same thing. Except if I had taken a screenshot of all the security-permission alerts I had to go though, there would have been more of them — and Snell’s screenshot looks like a parody. Back in the heyday of the “Get a Mac” TV ad campaign, Apple justifiably lambasted Windows Vista for its security prompts, but that’s exactly the experience you get after running Migration Assistant on a Mac today. It’s terrible.


MacOS itself stores too many security/privacy settings in a way that are tied to the device, not your user account. There ought to be some way to OK all these things in one fell swoop.

Update (2023-12-12): Paulo Andrade:

“The Security and Privacy team clearly has too much say in the overall macOS experience”.

They not also have too much say but their solution is always to alert the user. It’s the easy way out… once the user has alerted the it’s now the user’s fault.

12 Comments RSS · Twitter · Mastodon

Mac Vs PC commercials - Cancel or Allow?

Beatrix Willius

I still call the macOS security clicker training. It's like my own computer doesn't trust me. Especially, the individual access of apps to folders is as superfluous as possible. Even full disk access never made sense to me. The emails of all other email clients are not protected so why the emails of Mail? Why does every pane in System Settings -> Security + Privacy act differently?

I've never thought of this as Apple trying to keep us safe. To me it's always been Apple trying to make people buy stuff through Apple controlled marketplaces. (So that they can extract rent)

I have devoted a lot of my spare time to learn how the macOS permission/security systems work (at least superficially), and I'm still very often not sure what the practical consequences some of the security dialogues have.

The whole thing makes no sense from a security perspective.

As anyone who has actually helped a relative with a computer knows, people don't read messages. "I pressed send and it showed me an error". "So what did the error message say?" "I don't know. I didn't read it, but you need to fix it." So what's the point of these messages?

It only makes sense, as Kristoffer says, if it's just about extracting more rent. Indeed, why require unsigned software to be started from the Settings App of all places, if it is not to confuse 99% of all users?

What's frightening is that this blatant money grab isn't laughed out of the room because there are so many other examples of nonsensical things in our society that yet another one doesn't raise an eyebrow...

@Old Unix Geek It also makes sense as a way to shift blame onto the user. They should have known not to click the button to open the app even though they didn’t read the alert saying that Apple had found no malware.

Those stupid security pop-ups are one of the major reasons I'm still running macOS 10.14 on my main system, even though it's gradually getting more and more painful to do so. I just don't want to deal with the frustration and annoyance of using modern macOS. I hate what Apple's done to it. Each of those pop-ups is the user-facing portion of a new security restriction Apple added to the OS that locks down what apps are allowed to do, allegedly for security but it's all just security theater, trying to solve problems that weren't really there in the first place. It really does just seem like Apple wants to control what you're allowed to do on your own computer for their benefit, not yours.

Once upon a time I could get a new mac, plug it in, turn it on and just start using, and set up all those important customizations, preferences and settings later. That was awesome, and now it's the opposite.

It feels like all the execs and devs at Apple run a special internal version where all those annoyances are turned off and they just do not see the problem because they never have to deal with this themselves.

When a lock is too hard and too annoying to use people tend to avoid using it, that makes it less secure.

There was a post a few days or weeks ago here about Apple silicon and the non-upgradeable-ness and 8GB of RAM standard and the overcharging of RAM and SSD and how it's all integrated on the M series chip now ... I wrote a long comment of my own, comment 15 to the 14 already there.

I never clicked "submit comment". It's just a big long sad trumpet. This and all the comments are the same thing. Anything I type here is the same. Apple has so clearly and loudly said "fuck you, we know better" to users, developers, customers, power users on the hardware and software and said it repeatedly over the last ~7 or so years.

They just do not care. Worse, like post above me and my long-sad-trumpet-comment-never-posted: it is as if Apple runs another MacOS is this not so fucking annoying. But I went farther:

Apple does not run non-Apple software internally. They never use Brave/Chrome like regular people do and have more than 100 tabs open. They do not use Google Workspace as millions of Apple users do, so sure, yeah 8GB of integrate RAM might feel like 16GB if you don't use that software. Safari is so utterly shit at having more tabs open that the window wide by design and Workspace does not even work properly by Google's design, so no one at Apple ever has this problem of running out of RAM. Tim Cook never uses Office 365.

As a company with a vision they are so junked up with phones, they have no idea how to make my iPad functional and they have no drive to make Google make Sheets support two documents in split screen. Apple has no incentive to give anyone more RAM or internal storage because anyone who needs more RAM, Storage, CPU gets a better machine because they are dogfooding. That dogfooding is killing the company. No one at Apple has to put up with mystery security popups that are too fucking tiny to read on a non-retina display because no one at Apple uses a 3rd party monitor every day.

They are blind. And dumb. And high on their own shitty drugs. A bunch of navel gazers.

Those I'm A Mac / I'm A PC commercials are now fossils of a time that no longer exists.

I love, love, love that many others are just as pissed off and frustrated as I am. Those voices are getting louder, but as users we lack a Joanna Stern moment where that one bit of criticism is like a truth gas wafting through Cupertino, waking the dreamers (née innovators) to ugly realities suffered outside the Ring.

It took them like five years to admit they went from making the best keyboards in the world to the worst keyboards in the world.

It took them years to admin they should make a monitor, then they did and it was unpurchaseable by most of their users, then they admitted they needed to make one for consumers, but fucked that up too.

It took them years to admit the Mac Mini was a good idea and to make new ones. It took them years to admit having a Mac Pro was important.

Non-macs look more and more delicious because they are so much cheaper, so upgradeable, and if you choose your OS wisely, won't nag you to the point where hours are spent clicking on silly prompts or staring at silly prompts trying to figure out what they mean or what will happen if you don't click them or allow or not allow them to do.

>I've never thought of this as Apple trying to keep us safe. To me it's always been Apple trying to make people buy stuff through Apple controlled marketplaces. (So that they can extract rent)

That's not right, though.

Yes, installing a Mac app from the App Store leaves out the scary (and a bit baffling) "the application was downloaded from the Internet" prompt. But on the other hand, all MAS apps follow the same TCC rules as notarized apps do. And on top of that, all MAS apps are sandboxed, whereas notarized ones don't have to.

So the Apple-controlled marketplace is even _more_ restrictive. Your comment to me makes it sound like Apple's offering a deal where you agree to sell through them and in return get more freedom as a developer; you get less.

No, I think Jason Snell has this right: it's a case where their security and privacy teams have outsized influence over their OS platforms, and their user experience teams do not. Which is surprising for the company that, well, originally created the Mac.

>Indeed, why require unsigned software to be started from the Settings App of all places, if it is not to confuse 99% of all users?

For the same reason mail clients disable hyperlinks on mails they've detected as spam and/or potentially malicious: so that unwitting users aren't tricked into doing the wrong thing.

I don't love it, and it does lead to absurd situations — the about face on their "Cancel or Allow" commercial, say. And also:

1. the M1/M2/M3 only allow two displays. So, only one external, even if your $1,599+ MBP's lid is closed.
2. so, you buy a DisplayLink adapter, or a dock that has that built in. You need a software permanently running for this, but, alright.
3. except starting around macOS Big Sur or so, this means that you have a permanent status item in your menu bar that tells you that DisplayLink is "controlling" (I'm not sure about the exact wording) your screen. Why? Because DisplayLink works through the Screen Recording permission. Always. With a big fat blue border.

Apple's intent there is good. But Apple's execution is not. There's no way to say "always trust this app". There's no way to accomplish this with a different API (that I know of). So you're being permanently punished because you didn't go $1,999 and up on a laptop that can connect to both displays on your desk.

But even there, I don't see some conspiracy of "haha, we'll make this experience so unfriendly that people will pony up more money on hardware". I just see teams not quite talking to each other.


In a world where we have Rosetta, QubesOS, sandboxes, etc, you can't tell me that the best solution for a state of the art OS is to hide the app starter in the Settings app to protect "unwitting users" from doing the "wrong thing" simply because it wasn't "signed" by Apple's server (which doesn't check whether that the binaries of the third party library you use weren't updated with spyware since you last studiously read its entire source-code). I'm sorry, but it's ridiculous.

The security-as-rent-seeking argument makes sense to me as a justification for coercing freeware/OSS developers into paying $100 annually for the privilege of writing software for the Mac, even if they can't squeeze us for additional revenue and restrictions in the MAS. Not sure I'm quite ready to attribute to malice what can be explained by simple incompetence, but the vaguely threatening warnings and hiding an app starter in Settings sure takes a lot of incompetence.

I spent an hour on the phone recently with a retired coworker who ended up with browser extension malware on his Mac. His iMac just died, and I'm not looking forward to the calls when he has to set up his new one next week.

Leave a Comment