One of the requirements of App Store apps is that they run in a sandbox. What does mean, and how does it affect the app? And why does privacy protection also use a sandbox?
privacy
How to gain access to the contents of privacy-protected folders even though Privacy & Security settings say that access is denied.
How are folder protections implemented? How do settings for Full Disk Access interact with those in Files & Folders for specific protected locations? And how does this involve making screenshots?
How TCC gets to authorise whether apps can obtain listings and open files in protected folders. The attribution chain and its effect on command tools.
Privacy protected folders are widely misunderstood and users end up giving apps Full Disk Access unnecessarily. Concepts are explained and experienced using a simple app, Insent.
How to remove all the privacy redactions, and reveal network diagnostics including the URLs connected to by your Mac.
Local network privacy protection, introduced in macOS Sequoia, doesn’t use TCC as most others do, but sets up a packet filter in Network Extension. Here are details.
Although Sequoia and Tahoe have restrictions on what can connect to local network addresses, most everyday features are exempted. This explains what you need to know in case you come across one of its privacy prompts.
Why do so many files now have quarantine and other extended attributes, although they’re not apps, and may never have left that Mac?
Deconfusing the term permissions from security controls and privacy protection. While permissions are set in a file’s attributes, privacy is controlled through elaborate rules.
The Eclectic Light Company 