What does it mean to give apps access to Documents folder on Mac?

Solution 1:

The normal Unix permissions system gives the user an area of the disk for their files (the user domain). Apps and other processes launched by the user run 'as the user' and can read and write anywhere in the user domain (but not in another user's domain, or in system areas).

Similarly, processes run by other users can't read or write in your user account. (Note that System processes are often 'other users'.)

Catalina and Big Sur are even stricter, requiring the user's express permission for an app to read and write to the Documents folder. This essentially creates a white-list of apps that are allowed in the Documents folder. There are similar white-lists for your Desktop folder, Downloads, and network volumes and external drives.

This added security means that a malicious app, unwittingly launched by the user, can't access your files in the Documents folder without your express permission. Thus, the Documents folder is safer than other folders on the disk.

Other folders in your user domain are not protected in this way, and can be read or written by any process that you launch.

It comes at the cost of a significant annoyance factor and user tendency to click "Yeah, yeah, yeah" whenever they see it, which somewhat reduces its efficacy.

Normally, we expect apps to be able to read and write our files. If MS Word couldn't read .docx files, and couldn't save them either, then the app would be useless.

You can reasonably expect commercial applications not to rifle through your correspondence in the hope of finding and transmitting something of use or value. The discovery of such a practice would lead to customers abandoning the app, and likely legal proceedings. (Unless you've agreed that the company can scan your data, as with Gmail and Google Docs.)

The best way to secure your data is by encrypting your disk with FileVault, using strong passwords on the user account at login and wake from sleep, and by following good practice for safe computing, e.g. not downloading anything from dodgy sites, or when told 'you need to install Flash' etc.
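
To see the difference between the two layers described in the answer above (ordinary Unix permissions versus the per-app list for Documents, Desktop and Downloads), here is an added example, not part of the original answer. It lists each folder and reports which layer refused: on macOS a per-app privacy denial surfaces as "Operation not permitted" (EPERM), while a Unix permission denial is EACCES. The names `probe` and `survey` are invented for this sketch, and running it from a terminal may itself trigger the permission prompt for that terminal app.

```python
import errno
import os
from pathlib import Path

# Folders the answer names as needing per-app permission on Catalina and later.
PROTECTED = ("Documents", "Desktop", "Downloads")


def probe(path, lister=os.listdir):
    """Try to list a directory and say which layer, if any, refused.

    `lister` is injectable only so the classification can be exercised
    without a real denial; it defaults to os.listdir.
    """
    try:
        lister(path)
        return "allowed"
    except FileNotFoundError:
        return "missing"
    except PermissionError as exc:
        # EPERM: what macOS returns when the per-app privacy list says no.
        # EACCES: the classic Unix owner/group/mode check said no.
        if exc.errno == errno.EPERM:
            return "denied-by-privacy"
        return "denied-by-unix"


def survey(home):
    """Probe the protected folders, plus the home folder itself for comparison."""
    home = Path(home)
    results = {"(home)": probe(home)}
    for name in PROTECTED:
        results[name] = probe(home / name)
    return results


if __name__ == "__main__":
    for name, outcome in survey(Path.home()).items():
        print(f"{name:10} {outcome}")
```

A result of `denied-by-privacy` for Documents alongside `allowed` for the home folder shows the per-app list at work: the process runs as you and passes the Unix check, yet is still refused.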