Seven different locations examined to see how privacy protection is applied to them, including control over writing files, and listing folder contents. Some surprises too, and a new version of Insent.
TCC
How to gain access to the contents of privacy-protected folders even though Privacy & Security settings say that access is denied.
How are folder protections implemented? How do settings for Full Disk Access interact with those in Files & Folders for specific protected locations? And how does this involve making screenshots?
How TCC gets to authorise whether apps can obtain listings and open files in protected folders. The attribution chain and its effect on command tools.
Privacy protected folders are widely misunderstood and users end up giving apps Full Disk Access unnecessarily. Concepts are explained and experienced using a simple app, Insent.
Which problem-solving techniques are still available in macOS Tahoe? While Intel Macs still have a few, Apple silicon Macs don’t have many left.
Deconfusing the term permissions from security controls and privacy protection. While permissions are set in a file’s attributes, privacy is controlled through elaborate rules.
XProtect, XProtect Remediator, XProtect Behaviour Service, kernel extension excludes, incompatible apps, and some historical remnants, including a database that’s downloaded then vanishes.
Overview of how different subsystems work together during launching a notarized app, from LaunchServices to checking WritingTools and AI availability.
The difference between security and privacy, how consent and intent are obtained, how this works with command tools, important links, lists of protected resources and tccutil arguments.
The Eclectic Light Company 