How much data can an app steal from my MacBook if I allow its system-wide execution?

Denying any app that needs a background helper and elevated access would be the safe way to sandbox and protect your data.

  • If you grant full disk access and your admin password, all of your data is exploitable.
  • If the intent of that program is to harvest and exfiltrate the data, it can read everything. Not all apps will do that or even be programmed correctly if the intent is to harvest data, but you’ve opened the gate if you allow that entitlement.

(Since you didn’t name a specific app, we can’t weigh in on how secure or like malware it might be - it could be very well designed and not designed to harm your privacy.)

Sounds like the install process is game over for you in this case. Apple ships malware detection and removal tools, and goes to great lengths with these alerts, a framework for code signing, and putting up these restrictions to get most people aware and to say no to apps asking for permissions they have no need to run.

As to everyone thinking there is no risk, that’s hyperbole at best. Here is where I would start to educate and protect your Mac and learn about malware detection and options.

  • https://objective-see.com/products.html
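A read-only way to see which background helpers are already installed and which of them run as root, as an added example that is not part of the original answer: it parses launchd job definitions from the standard macOS locations. The sample job `com.example.helper` and the function names are constructed for illustration.

```python
import os
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Standard launchd job locations on macOS.
LAUNCHD_DIRS = {
    "/Library/LaunchDaemons": "daemon",
    "/Library/LaunchAgents": "agent",
    os.path.expanduser("~/Library/LaunchAgents"): "agent",
}

# Constructed sample job definition, not taken from any real product.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.helper</string>
  <key>ProgramArguments</key>
  <array><string>/Library/PrivilegedHelperTools/com.example.helper</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

def describe_job(plist_bytes, kind):
    """Summarise one launchd job (XML or binary plist bytes)."""
    job = plistlib.loads(plist_bytes)
    if not isinstance(job, dict):
        raise ValueError("top-level plist object is not a dictionary")
    args = job.get("ProgramArguments") or []
    return {
        "label": job.get("Label"),
        "program": job.get("Program") or (args[0] if args else None),
        # Daemons run as root unless the job names another user.
        "runs_as_root": kind == "daemon" and job.get("UserName", "root") == "root",
        # Started when the job is loaded, or kept alive by launchd.
        "persistent": bool(job.get("RunAtLoad")) or bool(job.get("KeepAlive")),
    }

def inventory(dirs=LAUNCHD_DIRS):
    """Yield (path, summary) for each job plist; unreadable files yield an error entry."""
    for directory, kind in dirs.items():
        for path in sorted(Path(directory).glob("*.plist")):
            try:
                yield path, describe_job(path.read_bytes(), kind)
            except (OSError, ValueError, ExpatError, plistlib.InvalidFileException) as exc:
                yield path, {"error": str(exc)}

if __name__ == "__main__":
    print(describe_job(SAMPLE, "daemon"))
    for path, info in inventory():
        print(path, info)
```

Any entry with `runs_as_root` and `persistent` both true is a helper that keeps elevated access after the installer has finished, so it is worth confirming that you recognise its label and program path.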

This is not an exact answer to what you are looking for, but it is ONE way that you can keep your system safe.

Basically it is an outbound firewall that I have been using for years (I hold no interest in the company, just a happy customer) and it is called Little Snitch.

Basically, once installed, it monitors ALL network traffic and throws up a warning when it sees any. Training it to respect your preferences can be a bit tedious as it presents a dialog on absolutely everything on the Mac that wants to talk to something on the internet.

But with a little perseverance and some intimate knowledge of what certain processes are you can essentially block anything that wants to initiate anything in the way of an outbound network connection. It's not free but worth every penny.

There are likely other things out there that might do the trick. I think there is a Docker project for the Mac, but I have no expertise or knowledge of it other than it (may) exist. But Little Snitch is a worthy addition to every Mac user's Mac who enjoys fiddling around with more than email, a web browser and a few apps & games.