You Can't Trust macOS Privacy and Security Settings


Hacker News, Apr 10, 2026


Why It Matters

Users and enterprises may falsely believe sensitive folders are protected, exposing data to malicious or poorly vetted apps. The discrepancy undermines trust in macOS’s built‑in privacy controls.

Key Takeaways

  • Insent bypasses macOS folder restrictions via Open‑and‑Save intent
  • Privacy & Security panel may show false access status
  • TCC consent can become permanent without reset command
  • Run `tccutil reset` to revoke hidden permissions
  • Attackers could exploit intent‑based access to exfiltrate data

Pulse Analysis

Apple’s Transparency, Consent, and Control (TCC) framework is the cornerstone of macOS privacy, letting users grant or deny app access to protected locations such as Documents, Desktop, and Downloads. In theory, the Settings → Privacy & Security → Files & Folders pane provides a clear audit trail of which apps hold those permissions. The recent Insent demonstration, however, reveals a mismatch: an app can retain full access to a folder even after the UI toggle is turned off, as long as the user later opens the same folder through the standard Open‑and‑Save dialog. This behavior stems from macOS treating user intent—explicitly selecting a folder—as an implicit consent, bypassing the sandbox checks that normally enforce TCC rules.

The technical root lies in how sandboxd intercepts file‑system calls. When an app requests a directory listing without prior consent, sandboxd forwards the request to TCC, prompting the user. Once consent is granted, the permission persists in the TCC database. Disabling the toggle only affects future consent‑based requests; intent‑based accesses are exempt, leaving the original grant untouched. Consequently, the Settings pane can display a disabled state while the underlying permission remains active, a nuance most users and administrators won’t notice without digging into system logs or using the `tccutil` command.

For businesses that rely on macOS’s privacy guarantees, this discrepancy poses a real risk. Malicious software could silently harvest documents after a single user‑initiated file‑open action, evading detection by standard UI checks. Mitigation includes regularly auditing TCC entries with tools like `tccutil list`, enforcing strict endpoint protection policies, and educating users to reset permissions via `tccutil reset All <bundle-id>` after any suspicious activity. Apple may need to surface intent‑based grants more transparently in future OS releases to restore confidence in its privacy model.
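An added example of the audit step, not code from the post or from Apple: a small Python script that reads the per-user TCC `access` table directly (the same table the Settings pane summarises) and emits one `tccutil reset All <bundle-id>` for every client still holding a protected-folder grant. The database path, the `kTCCServiceSystemPolicy*Folder` service names and `auth_value = 2` meaning "allowed" are Apple's; the bundle ids and the reduced in-memory schema are constructed placeholders. Reading the real `TCC.db` requires the caller to have Full Disk Access, so the script falls back to the constructed sample when it cannot open the file.

```python
#!/usr/bin/env python3
"""Audit protected-folder grants in a TCC database and print the tccutil
reset command for each client that still holds access. Added example."""
import os
import sqlite3

# Per-user TCC database; opening it needs Full Disk Access for the caller.
TCC_DB = os.path.expanduser("~/Library/Application Support/com.apple.TCC/TCC.db")

# TCC service names for the protected folders discussed above.
FOLDER_SERVICES = (
    "kTCCServiceSystemPolicyDesktopFolder",
    "kTCCServiceSystemPolicyDocumentsFolder",
    "kTCCServiceSystemPolicyDownloadsFolder",
)
AUTH_ALLOWED = 2  # auth_value meaning "allowed" in the access table


def folder_grants(conn):
    """Return (client, service) for every row that grants a protected folder."""
    marks = ",".join("?" * len(FOLDER_SERVICES))
    rows = conn.execute(
        f"SELECT client, service FROM access "
        f"WHERE service IN ({marks}) AND auth_value = ? ORDER BY client, service",
        (*FOLDER_SERVICES, AUTH_ALLOWED),
    )
    return [tuple(r) for r in rows]


def reset_commands(grants):
    """One `tccutil reset All <bundle-id>` per client, as recommended above."""
    clients = sorted({client for client, _ in grants})
    return [f"tccutil reset All {client}" for client in clients]


def constructed_db():
    """In-memory stand-in with only the columns we query (constructed sample
    rows; the bundle ids are placeholders, not real apps)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE access (service TEXT, client TEXT, auth_value INTEGER)")
    conn.executemany("INSERT INTO access VALUES (?, ?, ?)", [
        ("kTCCServiceSystemPolicyDocumentsFolder", "com.example.notes", 2),
        ("kTCCServiceSystemPolicyDownloadsFolder", "com.example.notes", 2),
        ("kTCCServiceSystemPolicyDesktopFolder", "com.example.editor", 0),  # denied
        ("kTCCServiceCamera", "com.example.meeting", 2),  # not a folder grant
    ])
    return conn


if __name__ == "__main__":
    try:
        db = sqlite3.connect(f"file:{TCC_DB}?mode=ro", uri=True)
        db.execute("SELECT 1 FROM access LIMIT 1")  # fails without Full Disk Access
    except sqlite3.Error:
        db = constructed_db()
    for cmd in reset_commands(folder_grants(db)):
        print(cmd)
```

Review the printed commands before running them: `tccutil reset All` clears every TCC grant for that bundle id, not only the folder ones, so the app will re-prompt for everything.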

