Permissions Pollution

In response to Apple’s increasingly distrustful permissions prompts, it is worth thinking about what benefits this could provide. For example, apps can start out trustworthy and later become malicious through updates or ownership changes, and users should be reminded of the permissions they have afforded them. There is a recent example of this in Bartender. But I am not sure any of this is helped by yet another alert.

The approach seems to be informed by the Steve Jobs definition of privacy, as he described it at D8 in 2010:

“Privacy means people know what they’re signing up for — in plain English, and repeatedly. That’s what it means.

“I’m an optimist. I believe people are smart, and some people want to share more data than other people do. Ask ’em. Ask ’em every time. Make them tell you to stop asking them, if they get tired of your asking them. Let them know precisely what you’re gonna do with their data.”

Some of the permissions dialogs thrown by Apple’s operating systems exist to preempt abuse, while others were added in response to specific scandals. The prompt for accessing your contacts, for example, was added after Path absorbed users’ lists.

The new weekly nag box for screen recording in the latest macOS Sequoia is also conceivably a response to a specific incident. Early this year, the developer of Bartender sold the app to another developer without telling users. The app has long required screen recording permissions to function. It made some users understandably nervous about transferring that power, especially because the transition was done so quietly to a new shady owner.

I do not think this new prompt succeeds in helping users make an informed decision. There is no information in the dialog’s text informing you who the developer is, and if it has changed. It does not appear the text of the dialog can be customized for the developer to provide a reason. If this is thrown by an always-running app like Bartender, a user will either become panicked or begin passively accepting this annoyance.

The latter is now the default response state to a wide variety of alerts and cautions. Car alarms are ineffective. Hospitals and other medical facilities are filled with so many beeps staff become “desensitized”. People agree to cookie banners without a second of thought. Alert fatigue is a well-known phenomenon, such that it informed the Canadian response in the earliest days of the pandemic. Without more thoughtful consideration of how often and in what context to inform people of something, it is just pollution.

There is apparently an entitlement which Apple can grant, but it is undocumented. It is still the summer and this could all be described in more robust terms over the coming weeks. Yet it is alarming this prompt was introduced with so little disclosure.

I believe people are smart, too. But I do not believe they are fully aware of how their data is being collected and used, and none of these dialog boxes do a good job of explaining that. An app can ask to record your screen on a weekly basis, but the user is not told any more than that. It could ask for access to your contacts — perhaps that is only for local, one-time use, or the app could be sending a copy to the developer, and a user has no way of knowing which. A weather app could be asking for your location because you requested a local forecast, but it could also be reselling it. A Mac app can tell you to turn on full disk access for plausible reasons, but it could abuse that access later.

Perhaps the most informative dialog boxes are the cookie consent forms you see across the web. In their most comprehensive state, you can see which specific third-parties may receive your behavioural data, and they allow you to opt into or out of categories of data use. Yet nobody actually reads those cookie consents because they have too much information.

Of course, nobody expects dialog boxes to be a complete solution to our privacy and security woes. A user places some trust in each layer of the process: in App Review, if they downloaded software from the App Store; in built-in protections; in the design of the operating system itself; and in the developer. Even if you believe dialog boxes are a helpful intervention, Apple’s own sea of prompts do not fulfil the Jobs criteria: they most often do not tell users specifically how their data will be used, and they either do not ask users every time or they cannot be turned off. They are just an occasional interruption to which you must either agree or find some part of an application is unusable.

Users are not typically in a position to knowledgeably authorise these requests. They are not adequately informed, and it is poor policy to treat these as individualized problems.