Is macOS Sequoia’s Privacy Focus Becoming Overbearing?

Toggle Dark Mode
Recent developer and public betas of macOS Sequoia have sparked some controversy, with new privacy protections that some feel cross the line between safeguarding user privacy and treating Mac users like toddlers.
Slated to become Apple’s next big desktop operating system release, macOS Sequoia 15.0 has been in beta since Apple’s Worldwide Developers Conference (WWDC) in June. This year, Apple also took the unprecedented step of releasing a parallel macOS 15.1 beta to introduce its new Apple Intelligence features to developers ahead of their later public release. However, macOS 15.0 and 15.1 are virtually identical other than the new AI capabilities.
Even without Apple Intelligence, macOS Sequoia will bring plenty of fun and useful new features to the table, including iPhone Mirroring to let you control your iPhone from your Mac — even when it’s sitting in your bag with the screen locks, along with a new Passwords app and some nice user interface improvements that add things like window tiling.
With those new features, Apple is also clamping down on some of the safety features in macOS to make it harder for inexperienced users to shoot themselves in the foot by enabling things that could compromise their security and privacy. However, like most safety features, these also complicate life for experienced power users who know what they’re doing and want to get on with their work.
A Stronger Gatekeeper
Apple has long offered a Gatekeeper feature that provides a strong defense against malware by making it difficult to run untrusted apps on your Mac. It’s a lighter version of the same technology that prevents sideloading entirely on the iPhone and iPad by ensuring that all apps are notarized with a digital signature before they’re allowed to run.
However, the Mac’s Gatekeeper differs in two important ways. First, Apple allows registered developers to have their apps notarized for direct distribution. This lets developers make them available through any channel, not just the Mac App Store, and they’ll still pass the Gatekeeper requirements. This is similar to what Apple is now doing in the European Union for the iPhone and iPad.
The second difference is much more significant. The Mac is a different animal from the iPhone and iPad as it began its life as an open platform and still competes with other open desktop operating systems like Windows and various flavors of Linux. As a result, Apple knows it can’t lock down macOS in the same way, so it’s always provided a way to bypass Gatekeeper to allow users to install “untrusted” apps from anywhere.
This allows small indie developers to create macOS apps without going through Apple’s registered developer program or having their apps notarized. Although most well-known developers still do this, it’s not uncommon to find smaller (or older) apps for the Mac that don’t meet the Gatekeeper requirements. These can still be installed on your Mac as long as you take an extra step to acknowledge that you’re sure you know what you’re doing.
Trying to open an unsigned app by double-clicking on it will fail with an error message telling you that Apple can’t verify the app is free of malware and providing an option to move it to the trash. However, with macOS Sonoma and older versions, you could override this simply by right-clicking on the app and choosing Open from the context menu. This would present the same dialog box to warn you the app is potentially unsafe, but it would add an Open Anyway button to let you proceed.
That’s changing in macOS Sequoia. After a few folks discovered the new behavior in earlier macOS 15.0 betas, Apple published the following developer news on August 6:
In macOS Sequoia, users will no longer be able to Control-click to override Gatekeeper when opening software that isn’t signed correctly or notarized. They’ll need to visit System Settings > Privacy & Security to review security information for software before allowing it to run.
The solution Apple mentions isn’t new. The Open Anyway option has always been available in the system privacy and security settings. Still, the right-click offered a helpful shortcut that was much faster than opening System Settings and digging down to find it there.
Whether this is a good thing or not is open to debate, but many power users question the need for such a change. For instance, Daring Fireball’s John Gruber isn’t a fan:
Is there any evidence that the Control-clicking shortcut was insufficient? If so, what is that evidence? It seems to me that the sort of technically unsophisticated non-expert users whom these features are meant to protect are the same users who have no idea the Control-click shortcut to launch non-notarized apps even exists.John Gruber
As a counterpoint, Arin Waichulis at 9to5Mac points out that It’s relatively easy for a malicious developer to walk an end user through bypassing these checks and points to a version of the Shlayer malware that did precisely this.
The same technique could be used to convince a naive user to visit the System Settings app and open the app from the security preferences, but Apple presumably hopes more folks will think twice before going that far.
While Gruber still thinks these decisions are either “being made by cover-your-ass bureaucrats for no good reason” or Apple is unwilling to admit that there’s been “a serious rash of unreported abuse of these features. While it may not yet be a “serious rash,” Waichulis does point out that Mac malware is increasing at an alarming rate, so perhaps this is simply Apple’s attempt to stem the tide.
Repeated Permission Warnings
The second controversial security and privacy change in macOS Sequoia is one that Apple has actually dialed back in this week’s beta, although it hasn’t eliminated it entirely.
Earlier this month, 9to5Mac’s Chance Miller reported that Sequoia had begun prompting users to acknowledge permissions for screen capture apps on a weekly basis. Miller spoke with multiple developers who had been told by Apple that this was an intentional change, not a bug.
By doing this, Apple seemingly wants to protect users from forgetting to delete or revoke permissions from apps they’ve only used once or twice. However, Apple isn’t splitting hairs here. Jason Snell reported at Six Colors that he was prompted to give permission to an app he’s used for over three decades to read his screen. That’s an app that should be considered well-trusted by any definition of the term.
But what Apple’s testing in the latest macOS Sequoia betas is brutal because there’s no end to it. It’s a subscription you didn’t buy and can’t cancel. Yesterday, I was prompted to give temporary permission by an app that I’ve used since the early 1990s to read my screen. Apparently, if I want to use that app, I will just need to keep approving it every so often. Numerous other screen-reading utilities may also be affected.Jason Snell
Snell adds that Apple’s changes risk “dialog fatigue,” where users may simply begin ignoring notifications that come up too often and agree just to make them go away. This ultimately defeats the purpose of these notifications and risks forcing Apple to take more draconian steps to ensure users pay attention, such as forcing them to open the Privacy & Security settings to reconfirm permissions every week rather than simply approving it in a pop-up dialog box.
The only piece of good news is that Apple has reduced the frequency of these popups in macOS Sequoia beta 6: they’ll now show up monthly rather than weekly. There are also some new entitlements that may allow certain apps to get around this with special approval, but Apple hasn’t communicated anything to developers about these changes other than to say that the repeated permissions prompts are intentional.