Barnes TechRecently Daring Fireball and Six Colors posted articles about how obnoxious Apple’s security prompts have become, particularly when you’re setting up a new device.
Six Colors - A picture is worth a thousand permissions requests
Daring Fireball - MacOS Security Prompts Need a Rethinking
Both are worth reading, and I completely agree. I understand Apple is trying to help people be as secure as possible, but I think they’ve gone too far for most people, honestly. The actual things they are doing for security may be fine, but the implementation has become a huge pain to deal with. The picture posted at Six Colors almost feels like a joke, but it definitely isn’t.
There are 2 scenarios I run in to frequently -
Power Users
First, my own experience, as well as colleagues I work with. I am in the IT field, working for an Apple Consultant that specializes in helping companies with their Apple products. We do setups a LOT, both for ourselves and for customers, and it has become a huge pain to deal with all of these prompts. From an admin perspective, I really want the ability to just set all of the settings I want in bulk. For me, I know what I want my computer to do and not to do, and I’m tired of fighting with the system every time, with every individual pop-up that comes up. Some of this can be deployed via MDM, which helps, but I’d still like a way to just do this in bulk on my own. Make it difficult to do so people won’t ever accidentally do it, but some way would be great.
On that note, I understand why Apple makes it so difficult to screen share with someone, but it’s a bit ridiculous. In my opinion, at the very least, if a device is purchased for a business via Apple Business Manager (ABM) so that it’s part of the Automated Device Enrollment, you should be able to deploy a Privacy Profile that allows apps to screen share without the end user approving it. I think it’s fair to say that it shouldn’t be a completely silent screen sharing, but it needs to be easier to do. Sonoma shows in the menu bar when an app is screen sharing, which I think is a good thing, and should stay in place. Maybe a good middle ground would be to allow an app to screen share, but prompt the user with an “approve” and “deny” pop up when the app tries to screen share. This would be easier than the current method of going in to System Settings and enabling screen sharing for the app, and requesting that the user quit and re-launch the app.
We use Splashtop to screen share with clients all the time to help troubleshoot. Even though we deploy it and do as much as we can to approve everything possible with a Privacy Profile, nearly every time our customer gets confused with approving screen recording in System Settings. It’s just not a good experience. Prompting the user with a simple prompt to approve or deny access would be much easier.
Other Users
The next scenario is far more common. In my experience, the average Mac user just doesn’t understand all of the prompts that come up, and in many cases just click something to move past the prompt, often with unintended consequences. For instance, I have had to fix several family computers because family members don’t understand the login item prompts coming from more recent macOS versions, and then they don’t understand why some apps don’t work well any more because they can no longer run in the background. Is this increasing their security? I would argue it doesn’t because they don’t understand it.
Too many prompts are not educating the users on what is happening, it just feels like poking the user in the eye several times as they set up their new Mac. This is something Apple needs to figure out how to do in a better way that doesn’t take forever, and explains in simpler terms what it is asking, as well as allow them to bulk accept some of these prompts.