CCATP Podcast Explains the macOS Sequoia Beta’s Excessive Permission Requests
Apple has said nothing more about the nag level of screen recording permissions requests in the betas of macOS 15 Sequoia since I wrote “macOS 15 Sequoia’s Excessive Permissions Prompts Will Hurt Security” (12 August 2024) and “Apple Reduces Excessive Sequoia Permission Requests, Shifts to Monthly” (19 August 2024). I think it’s important to keep up the pressure since Apple has given no indication of backing off from its “compromise” of asking for continued permission only 12 times per year instead of 52 times (plus every restart). To that end, I raised Allison Sheridan’s blood pressure by explaining the situation on her Chit Chat Across the Pond podcast. If you’re still unclear on what’s happening, give it a listen, and then be sure to tell Apple what you think.
I made a Feedback case:
After trying to use the color picker in Affinity Designer I got the attached dialog. FFS I'm only trying to use a fucking color picker. The app is not trying anything nefarious. It's bad enough that I have so many stupid security warnings and dialogs. But I don't want any dialog to show up once a month. The app has gotten the necessary security approvals. AND THAT SHOULD BE ENOUGH.Recent similar reports: none.
Apple can’t even count to 30 when trying to log into AppStoreConnect.
My sense here is that they’re missing the boat in part by ignoring the frequency with which you use the app in question. If you’re using something like Zoom 2-3 times a week, then you know darn well that it’s accessing your camera and microphone, you’re actively using that way, and it’s absolutely silly to keep asking you to confirm that permission weekly, or monthly, or even annually.
But if there’s some app you used once and haven’t touched in six months, and then you launch it, it may make sense at that point to re-confirm the privileges you’ve granted.
That also makes the unusual app stand out from the stuff you consistently use – and repeated requests to authorize apps you consistently use is an excellent way to condition users to grant permission without paying attention. And that’s the absolute worst thing to do for long-term security.
Dave
I totally agree. I have a weather app I use all the time on my iPad and yet I still get “Are you sure you want to grant location privileges to this app?” alerts. It’s ridiculous.
Another similar issue is the constant need to re-enter my passcode. I have multiple Macs, several iPads, and an iPhone. Despite them all using biometrics (face or fingerprint ID), it seems like every frickin’ day at least one of them needs my passcode. Drives me crazy.
While occasionally asking for the code makes sense so you don’t forget it (I’m okay with the way 1Password works by asking for the master password every 30 days), why does it have to be so often and why can’t the devices stay in concert so no more than one of them a month asks me? It’s enough to make me want to use a shorter, less secure passcode that’s easier to enter! That’s the opposite of the goal.
I dread the thought of this spreading all over the Mac. Between my different devices and machines, I’ll be spending half my day okaying the same behaviors – like location permission for the same weather app on several Macs, iPads, and iPhone. Bad Apple!
I also agree with that 100%. You’d think with all the AI/ML hoopla being tossed around these days, this would be low hanging fruit. Really low in fact, considering that a conventional good old simple algorithm could likely implement this in a quite reasonable way already. Then add in Apple Intelligence [sound bugles and horns here] and we’d all be singing praises like pretty little pink angels in a late baroque mural.