For PDF to be a truly universal document format, it needs encryption and a mechanism of controlling what the reader can do with a document. Much of this has inevitably been driven by commercial users of the format. For example, an organisation publishing books in PDF format wants to be able to prevent you from printing them out and from copying their contents. Many users work with documents containing sensitive information, so want to be able to protect that, in case those files fall into the wrong hands.
Unfortunately, such simple, if sometimes thoroughly frustrating, features don’t work properly in macOS. This article tries to explain what has gone wrong, and why protecting or encrypting PDFs for Macs is a bad way to go.
These problems came to light when I was asked why a particular PDF, a newsletter, only printed out a single blank page and wouldn’t go any further when it was opened in Adobe Acrobat Reader. One of the possible reasons is that the document could have been protected so that it couldn’t be printed. To look at that, I created a print-protected PDF and tried this out. To my surprise, although Preview (in both Mojave and Catalina) informed me that it was encrypted, it assured me that printing wasn’t restricted in any way. When I tried to print it from Preview to another PDF, all I got was a single blank page – no invitation to enter its password, nor warnings that printing wasn’t allowed.
macOS actually has excellent support for permission properties in PDF documents. Those supported currently are:
- copying of content
- extraction of content for accessibility purposes
- insertion, deletion and rotation of pages
- changing document contents
- form field entry.
So in theory there should be fine controls available which, for example, could prevent the user from copying chunks out of a document, but still permit the extraction of content for someone using a text-to-speech tool. The snag, and the reason for problems in trying to use these features, is that macOS itself provides minimal support for just some of these features. The rest is left up to the app developer.
The most obvious illustration of this is with complete encrypted PDF documents. macOS doesn’t check whether a document you’ve tried to open is encrypted, nor does it prompt for the password – those are left to each app to implement. Try opening an encrypted PDF in my free app Podofyllin, for example, and it simply crashes, as it doesn’t check for such documents. Preview does detect encrypted PDFs, and prompts the user to enter the password.
When you look at finer controls, the picture is rather grim. Apps which have an export as PDF feature seldom offer any control, other than to encrypt the whole document. The only standard access to permission properties is through the Save as PDF option in the Print dialog. In addition to whole document encryption, its Security Options dialog offers only two of the seven properties listed above, and they don’t work properly either.
Open a document in an app like Apple’s Pages, and you can readily verify these problems. Pages has an Export to PDF feature, but that offers only two options, unencrypted or whole document encryption. There are no finer controls available there at all. For those you have to Save as PDF through the Print dialog, as with other apps.
Try using that, ticking only the box to require a password to copy text and other content. Enter the password and verify it, then generate the PDF. When you open the resulting PDF in Preview, or any other app which can open PDF including Podofyllin, you’ll discover that you can still copy content from the document, without even being prompted to enter a password. Not only that, but Podofyllin still shows the complete text content of the ‘protected’ PDF to make copying of text even simpler.
Repeat the same process, but this time only tick the checkbox to protect the PDF from printing. When you open that PDF in Preview, Get Information on the document, and you’ll see that it is encrypted, but according to Preview printing and other features are freely permitted. Should you try to print that protected document, Preview doesn’t prompt for any password, nor does it warn you that printing isn’t allowed. Instead, you can go right through the process of printing, which just generates blank pages instead.
To get either of these finer controls to work in Mojave or Catalina, you have to tick both boxes, to prevent copying and printing, and provide a password. Open that PDF in Preview, and any attempt to copy from it, or to print it, will present you with a dialog in which you must enter the document’s password before it will allow that action.
So much for Preview. What about other apps like Podofyllin? Because macOS leaves it to apps to implement most of the protection, Podofyllin side-steps them, albeit unintentionally. Open your no-print no-copy protected PDF in Podofyllin, and although you’ll be unable to copy or print from it, and it doesn’t offer any password entry dialogs as does Preview, its text view still works fine, and enables you to copy as much text as you want from the PDF, and you can still export the whole document in Rich Text or plain text.
One slight strangeness you’ll observe in Podofyllin is with its source code view: this still shows the original encrypted source, but the internal source in the upper section of that view is totally blank.
As it stands in both Mojave and Catalina, support for protected PDF documents is incomplete and of limited use. It’s also so confusing that most users will want to avoid it altogether. If you need to protect a PDF document, it’s best just to encrypt it using a regular utility.