FB5539027: Apple Events: Instead of a per app authorisation prompt, move to a per access group (if needed) #18
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Description
This is a duplicate of radar #44079032
With Mojave, sending an Apple Event to another app will elicit an authorization prompt to the user. Even in cases where the Apple Event is simply soliciting the opening of a new Safari window.
An app's scripting interface isn't inherently privacy sensitive. Treating all an any of these interactions as sensitive burdens the user experience and contributes to training users to ignore security dialogs.
Since 2012 apps can group related parts of their scripting interface using the access-group feature in their .sdef files. What I suggest is to augment that feature and let the app decide whether or not that particular part of the API is privacy sensitive.
This would allow innocuous scripting APIs to run un-prompted and greatly reduce the burden on the user. It would also incentivize developers to annotate the scripting interface to avoid the catch-all prompt when it's not needed.
The text was updated successfully, but these errors were encountered: