top | item 23086877

(no title)

tumultco | 5 years ago

I've definitely seen apps that do provide instructions on how to do this; off the top of my head I know SwitchResX requires it for a lot of the features [1]. There was also the "varsectomy" bug debacle of Avid Media Composer users disabling SIP, which then lead to a bug where a Chrome update broke macOS [2].

I won't say "security" :) but I'm sure a lot of app developers do not want to be held responsible for jeopardizing users' machines or data.

While Whisk doesn't have to deal with SIP, it still has to get around sandboxing on the Mac App Store version to be able to read files that are associated with the .html page (like in an <img> tag). We pretty much need to throw up a scary dialog asking users to allow access via an Open Panel. On any "normal" (non mac app store) app this is implicitly granted, and I'm sure users don't give it a second though. I personally was worried about what the reaction to asking for permission would be and so wrote up a whole explanation on the sandboxing technology and reasons for our request [3]. Originally I did prompt the user to choose the root level of their file system, but App Store review would only approve of "project folders."

[1] https://www.madrau.com/support/support/srx_1011.html

[2] https://arstechnica.com/information-technology/2019/09/no-it...

[3] https://tumult.com/whisk/documentation/v2/app-security.html

discuss

No comments yet.