The macOS Finder is a master of illusion, but one of the golden rules of its magic has been never to lie to the user. When you Get Info on a folder or file, you should be able to believe what it tells you. If it says that as a user “You can read and write” to a file, and shows you a preview of the contents of that file, then you should be able to trust it, shouldn’t you?
But you can’t any more. Even though you may be fluent in permissions, adept at ACLs, and know the different lists in the Privacy pane off by heart, Finder now lies openly about such important matters.
Take the example of a Property List file which should be in every user’s Home folder, inside the Preferences folder in its Library: Here’s all about this rather mundane and uninteresting little file, using Get Info:
Note well what the Finder tells you about it: it’s not locked, there’s no additional info other than it was last opened very recently, you can see its entire contents in the preview, the Finder states explicitly “You can read and write”, it’s owned by you, and you do indeed have Read & Write access to it.
Its QuickLook thumbnail again reveals its entire rather dull contents too.
What if I were to tell you that macOS privacy controls on that file prevent the apps that you run from even reading that file, let alone writing to it, unless you go out of your way to add that app to the Full Disk Access list in the Privacy pane? Why, though – it’s in ~/Library/Preferences, which isn’t one of the folders which Catalina treats specially, nor is it part of any of the other protected resources listed in the Privacy pane.
Yet an app like my PermissionScanner tells the truth about this file, and three others alongside it in ~/Library/Preferences. Run PermissionScanner on that folder, without adding that app to the Full Disk Access list, and it will inform you that isn’t readable or writable at all, despite it being owned by you and having correct permissions set.
As Jeff Johnson @lapcatsoftware pointed out, the Finder app has so many entitlements that little is going to stop it from reading such protected files. There’s nothing intrinsically wrong with that Property List’s protection, but why should the Finder keep this such a secret from the user? Indeed, where has Apple warned us that four stray files in an unprotected folder have this very special privilege of being protected in this way?
It’s not even as if the protection being applied to these four preference files is a passing phase, or easily read from a property list detailing these additional privacy protections. They’re hard-coded into the Sandbox kernel extension itself, and only to be found there if you happen to search its binary for text strings, something even the expert user isn’t likely to do. The only conclusion is that Apple has taken to being deliberately secretive about such protected files in macOS.
None of this would be particularly important were it not for the fact that macOS has a longstanding problem with preference files in ~/Library/Preferences being given the wrong permissions, which according to Apple can result in any of a dozen quite serious problems. So Apple advises users that they may need to correct those permissions, knowing full well that four of them don’t tell the truth anyway.
Negotiating Catalina’s files and folders is trickier than finding the North-West Passage. We’ve got protected Photos libraries, Calendars and Address Books, busy folders like ~/Documents, every single removable volume, and now four individual files in ~/Library/Preferences which aren’t listed anywhere that I can see. It’s time for Apple to ensure the Finder tells users the whole truth about protected files and folders and stop misleading us. After all, Apple wants us to trust its protection of our privacy. So why can’t it trust us to know what is being protected?