Comment by what

13 hours ago

Isn’t it exactly the same on iOS? If you select a folder, the app gets a security-scoped URL for the folder and can read/write the entire tree. The app can also then create a bookmark to persist the security-scoped URL and use it whenever in the future.

That URL should expire after a relatively short time.

  • This rules out entire classes of app and would make using a computer a miserable experience.

    For example let's say you want to make an app that every day writes a backup to a particular location e.g. 1Password can do a daily backup of your encrypted passwords to a backup location.

    Or, let's say you want to make a GUI around a command line program that stores its config as a dotfile.

    Without a way to save access to file system locations persistently, apps would be forced to constantly shove open panels in your face all the time.

  • Expiration depends on how the app has implemented the request for access. Granting access creates a security-scoped bookmark. The app can store it and use it the next time access is required which will bypass the prompt and the bookmark will remain valid in perpetuity (or until tcc reset), or the app can not store it and request permission every launch.

    IIRC the bookmark is a base64 encoded plist containing a bunch of data about the file/folder. A quick search got me this: https://www.mothersruin.com/software/Archaeology/reverse/boo...

  • “Should” meaning “I believe it currently does expire after a short time”?

    Or “should” meaning “Apple should change this to expire after a short time”?

    • It doesn’t expire, you can even move the file and you can update the bookmark to follow the move.

      There are legitimate reasons to give an app persistent access to a file or directory. Maybe you want it to write to a particular directory in your iCloud storage or whatever so it syncs without having to select the directory every time. A note taking app for example.

  • No, it shouldn’t. There are real reasons to give persistent access to a particular directory. Maybe you want your note taking app to put all notes in a directory for iCloud/Dropbox/Google Drive/some other sync service.

    • I am baffled that anyone thinks implication-of-action ambiguity and hidden security states without obvious controls are acceptable security practices.
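
The persistence flow the thread describes (store a security-scoped bookmark once, resolve it on a later launch, refresh it if the folder moved) looks roughly like this on macOS. This is an added example, not code from any commenter or app named above; the `bookmarkKey` name and the use of `UserDefaults` as storage are assumptions, and a sandboxed app also needs the `com.apple.security.files.bookmarks.app-scope` entitlement.

```swift
import Foundation

// Hypothetical storage key, chosen for this example.
let bookmarkKey = "backupFolderBookmark"

/// Call once, right after the user picks `folder` in an open panel.
/// The returned bookmark data is what carries the grant across launches.
func saveBookmark(for folder: URL) throws {
    let data = try folder.bookmarkData(options: .withSecurityScope,
                                       includingResourceValuesForKeys: nil,
                                       relativeTo: nil)
    UserDefaults.standard.set(data, forKey: bookmarkKey)
}

/// Call on any later launch: resolves the stored bookmark and runs `body`
/// with access to the folder held only for the duration of the call.
func withSavedFolder(_ body: (URL) throws -> Void) throws {
    guard let data = UserDefaults.standard.data(forKey: bookmarkKey) else {
        throw CocoaError(.fileNoSuchFile)   // nothing stored: ask the user again
    }
    var stale = false
    let url = try URL(resolvingBookmarkData: data,
                      options: .withSecurityScope,
                      relativeTo: nil,
                      bookmarkDataIsStale: &stale)

    // Access is not active until this call succeeds.
    guard url.startAccessingSecurityScopedResource() else {
        throw CocoaError(.fileReadNoPermission)
    }
    defer { url.stopAccessingSecurityScopedResource() }

    // A moved or renamed folder yields a stale bookmark; re-create it
    // from the resolved URL so the stored copy follows the move.
    if stale { try saveBookmark(for: url) }

    try body(url)
}

/// Drops the app's own stored copy of the grant, so the next access
/// has to go through an open panel again.
func forgetFolder() {
    UserDefaults.standard.removeObject(forKey: bookmarkKey)
}
```

Nothing in the stored data carries an expiry, so access lasts until the app calls something like `forgetFolder()` or the bookmark stops resolving.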