Notice how at one end of the spectrum alerts are useless to users who do not understand the implications of allowing such access, and on the other hand, experts want to turn them off.
So for the benefit of a few power users in the middle of the spectrum who feel safer with these, everyone else gets annoyed.
I don't think anyone really understands the implications because you can't see if the app is going to abuse the power it has provided. Of course, if I install Zoom, I will give it access to the camera. It's affordable for an app of that genre. But I don't know if it's going to try turning on the camera at times I didn't expect. And there is no one, not Apple, no review or a friend who can definitely tell if an app is reliable. Even a truly good developer may have compromised their signing keys.
It's not that I want to turn off the alerts, exactly. I appreciate being able to see what privileges an app wants, so I can compare them to what I think it should. I want to know if an app is doing something unexpected. The problem is that the alerts are annoying and not very informative. And some types of access can only be given in clumsy ways like going to System Preferences, selecting the app from an open panel and restarting it. It would also be nice to see in front of everything the app wants to do, so I won't be asked repeatedly.
Secrets has this cool feature when you set up two-factor authentication where it will automatically search open windows for the moment. QR code with the sample value. At Catalina this is now so cumbersome that it is only easier to manually enter or copy / paste the value. So long after "surprise and joy."
Still, some would say, "but I want to know if the app does it!". It is fair. Alerts are not the way to do it. There is a better solution [for live data] and Apple is already using it for location services.
I'm not sure passive notification alone is enough for microphone and camera access, because the app can start recording when you're not watching appear to see the notification.
But I love the general idea of having a way to revise what an app did after that. In other words, instead of blindly relying on Secrets at first launch and forever afterwards, I will be able to see that it only reads my content window when I set up 2-factor. If I provided a Full Disk Access app to install a Mail plug-in, I would be able to see that it cannot access other, unrelated files.
Furthermore, I have a way to confirm later instead of just relying on the front would help with the information asymmetry problem. Deceiving the user about what an app does will no longer work in the long run because scary apps would be trapped. And conversely, there will be evidence that expected good apps are actually well-behaved.
I like this one a lot. An audit-like feature, although something will not be used by everyone, can provide evidence after an app breaks that promise to the user, and that the version can be banned by the OS directly, helping other less experienced users.
ie. Rely on apps by default, but have a heavy hammer for platform offenders, who do not responsibly reveal what they do under the hood. Users will not be bothered all the time and can enjoy their apps, and an abusive app can be wiped and the user can be notified why.
I think Apple needs to improve the granularity of some access.
Like why is photo / media access all in?
Ex: I wish I could let an app add photos and videos to the photo library, but NOT read anything.
Same for contact and calendar: can store in it but not read.
Stay tuned by subscribing to the RSS feed for this post.