ARTICLE | eclecticlight.co | 6 min read

The Illusion of Privacy & Security Settings in macOS

AI Summary

In a revealing demonstration, I explore how macOS Privacy & Security settings might mislead users about app permissions. Using a custom app called Insent, I show that despite what settings indicate, apps can access protected folders like Documents without explicit consent. Insent, running on macOS Tahoe 26.4, uses two key functions: 'Open by consent' and 'Open from folder'. The former requires user consent to access files, while the latter exploits user intent to bypass consent requirements.

By following a series of steps, I demonstrate how Insent can maintain access to the Documents folder even when settings suggest otherwise. Disabling access in Privacy & Security settings doesn't prevent Insent from accessing files if the user selects the folder through an Open and Save Panel. This discrepancy arises because the macOS privacy system, TCC, doesn't accurately reflect the actual permissions granted when user intent is involved.

The demonstration reveals that the system's sandboxing mechanism, which should restrict access, is bypassed when user intent is detected. This results in a situation where the Files & Folders settings show restrictions that aren't enforced. Consequently, an app might have full access to protected folders while appearing blocked in settings.

This issue isn't just theoretical. Many users have reported apps accessing folders like Documents without appearing in the Files & Folders list. This suggests that the sequence of events allowing this access does occur, albeit unintentionally. The permanence of this access is particularly concerning, as resetting it requires a complex Terminal command and a system restart.

Ultimately, this demonstration highlights a significant flaw in macOS's privacy controls, where user intent can inadvertently grant apps unrestricted access to sensitive data. This raises questions about the reliability of Privacy & Security settings and the potential for misuse.

Key Concepts

User Intent

User intent refers to the actions or decisions made by a user that indicate their desire to perform a specific task or access certain data. In computing, it often relates to permissions granted based on user actions.

TCC (Transparency, Consent, and Control)

TCC is a macOS framework that manages privacy settings and permissions for apps, ensuring that user consent is obtained before accessing sensitive data or system features.

Category

Security

Summarized by Mente
