Please humor me, why in the world does an app need to read/write your screen? It is provided a window for that.
If it doesn't need to read/write your screen in order to provide its features, and then does it, wouldn't you agree that something is fishy? Wouldn't you like to know when fishy things are going on?
What is the point of security if any app you download can see everything you do?
> Please humor me, why in the world does an app need to read/write your screen?
The most obvious answer would be to take screenshots, like GIMP's "Create from screenshot" command or a dedicated program like the snippet tool in Windows. Many graphics tools offer that functionality, even some that you can run from the command line.
Other, similarly widely available functionality, is to record the desktop - a common functionality needed for screencasting and video streaming (think Twitch) programs. This also need to capture audio. Also a more niche tool is to create captures directly to GIF files (i have such a tool both in Windows and Linux).
Of course less commonly implemented but still very useful functionality is for remote access/remote desktop (in which case you also need to also capture input events but also create fake input events indistinguishable from the user's events).
Finally several utilities also benefit from being able to read the screen, like utilities to magnify and perhaps enhance part of a screen (that can be useful for people with sight issues, or for developers to inspect the output of a graphics program at the pixel level without flattening their face on the monitor) or utilities like color pickers or even just funny toys that manipulate the screen contents (i've seen a game at the past grab a screenshot of your desktop and then zoom it out when you launch it).
> What is the point of security if any app you download can see everything you do?
I'd turn that around: what is the point of security if the apps you download cannot do their job because of it? At the end of the day computers need to be useful, not to be burned and buried in a waste disposal field (where they'd be in their most secure state).
> not to be burned and buried in a waste disposal field (where they'd be in their most secure state)
This is just a simple strawman.
It's not that hard to have a middle ground, just disallow apps from using things like your webcam or screen without your explicit permission. Just because 1 program uses that functionality doesn't necessitate it to be common to every single program you ever run.
iOS already manages this. Just have a notification pop up when you use the program to allow X access from system settings. Certain programs already do something similar by requesting access from Accessibility, like window managers (albeit that's to get around certain limitations).
If someone figures out a way for this sort of thing to be unintrusive while still being effective, i wouldn't mind it but i haven't seen anything like that. The notification popups you suggest are both intrusive and ineffective because, honestly, if i want to do some task anything that tries to alert me about something unrelated to that task ("hey, this needs net access" - sure, ok whatever... i cannot think about that right now, i need to actually do what i want to do) is something i am very unlikely to put any thought over so i'll just accept. I mean, i used to check the permissions on my Android mobile but after a year or so i stopped because at the end of the day the question is "do you want to run this program or not"? And considering i already downloaded the program to run it, the answer is obvious.
This stuff is really barely a notch above expecting people to read EULAs.
How often do you think most users read the screen, especially using something other than the screenshot tool of the operating system?
As an iOS developer I run Xscope to check details of designs, I don't know, maybe once every two weeks? And I guess I've probably used Acorn's color picker outside its own window during the last year, but I'm not sure about that.
I'd imagine that most users need apps reading arbitrary pixels off their screen less often than I do. I'd appreciate a warning from the operating system when an app tries to do that.
I do not think the frequency of needing that functionality is really relevant when you need to use it - you can either do it or you cannot.
But there are users who do need to use applications that capture the screen way more often than once every two weeks. One example would be Twitch and YouTube streamers (not necessarily about games - many stream other things, like creating art, programming, composing music, etc) who do that for several hours every day.
> do you think most users
There is no point talking about "most users" because really anything can be attributed to what "most users" do or do not - "most users" is not something that is well defined. We can only talk about specific use cases.
After all, all users (which by definition include most users) start as not being able to do anything, that doesn't mean the OS should not be able to do anything.
> As an iOS developer I run Xscope to check details of designs, I don't know, maybe once every two weeks? And I guess I've probably used Acorn's color picker outside its own window during the last year, but I'm not sure about that.
These are also useful examples for cases where you need screen reading, but these are really niche. The most common is probably streaming, as i mentioned above, but there are also other cases where you need frequent screen reading capabilities - for example documentation writers will often need to capture parts of the OS, either as screenshots or as short video segments (for interactive docs) to use as part of the documentation. It is also very helpful for customer support - in both sides of the equation (in a company i worked many years ago, the employee responsible for tech support had SnagIt open all the time).
> I'd appreciate a warning from the operating system when an app tries to do that.
I suspect that if that warning comes as part of your screenshot or video capture you wont appreciate it that much :-P
But this is not about removing the ability to read screen content. It's about removing the ability to read screen content without telling the user.
That's why I think questions about frequency and "most users" (nebulous term, I admit) come into play: yes/no permission dialogs aren't the best and many users do just click through them without thinking, but there's a world of difference between asking several times a day and asking a couple of times a month.
If my usage is far below average, then I agree that it's probably better not try to restrict it. If, as I would guess, I use it more than most, then it feels exceptional enough that letting the user know when it's happening would be fine.
If you could give a permanent permission to a given app, I'd imagine even the daily streamers wouldn't be too badly inconvenienced.
> I'd turn that around: what is the point of security if the apps you download cannot do their job because of it? At the end of the day computers need to be useful, not to be burned and buried in a waste disposal field (where they'd be in their most secure state).
I'd like to phrase it as "security vs. usefulness, pick one".
Unfortunately, I don't see a good way out of this. The more secure apps and the OS gets, the less useful it is - it loses composability and interoperability, any remnants of them being mediated by third parties (basically, see how SaaS apps talk to each other, and imagine this is your desktop now). But the more useful an app or OS is, the easier it is to make users selfpwn themselves through a stupid or compromised download.
I refuse to accept that I'm not allowed to do whatever I want with my own device, including running code that does whatever it wants with other applications, and especially things the authors of those other applications didn't anticipate or want me to do. But then, I can't see how a regular person could use the same computer without fear of their passwords or data getting stolen.
Are there any smart people working on this? Do they have any suggestions?
I'd like to know about it indeed, what i wouldn't like is to be spammed with annoying UAC-like questions every time an application needs to do something or even worse: not being able to do it.
And no, i wont get spyware, i never got spyware in the three decades i use software when desktop systems were at the apex of their popularity and i used the most popular of them - i doubt i'll get any sort of spyware today, especially when i'm not even using an OS that spyware authors would even bother with.
The very article of this post is an instance of spyware that any developer can implement. In effect, if you're using a Mac, any app can be spyware and you will never, ever know.
I didn't say that it is impossible to create spyware, i said that I wont get spyware. I am careful about what sort of software i download and i don't do it from shady places, at least not without first trying it in a controlled environment.
Note that i am not against such environments, quite the opposite, although i tend to prefer VMs like VirtualBox instead of OS sandboxes because - as the linked article shows - they are not as safe as VMs (yes i know that VMs can also be compromised but it is much harder and way more rare).
I believe that applications that run locally in my computer should be able to do whatever they please (if bugs wouldn't make it impractical, i'd also like it if they could read and write each other's memory), but a consequence to such a setup is that you need to be careful for what applications end up in the computer. So i am very thankful for any tool that does that - as long as it remains a tool and not impose itself without my will.
You, my friend, are vulnerable like any other Mac user, to a trustworthy piece of software that has but a single dependency implementing the screen-reading mentioned in the article. Don't think for a second that "being careful" will save you. Apps aren't open source. This is the point of this article.
Something being technically possible and something being done are not the same. As i already wrote, it might theoretically be possible to create a spyware, but unless i download a program that does that it wont happen.
Programs cannot decide by themselves to be installed into a computer without some prior action from the user, it is the user who has to do something for them to install themselves. And no two users do the exact same sequence of actions to be able to claim that all users have the same likelihood to be affected by spyware.
Also FWIW when i use "apps" i mean it as a shorthand for "applications" and for a few messages already upwards in the thread the discussion isn't just about macOS but regardless of OS. So apps can be open source (and personally unless it is some piece of software i trust - usually older widely used programs - or some game i got from a place i trust, i stick with open source apps with security being indeed a major reason).
Something malicious being easily technically possible with no risk and significant economic upside will statisically occur due to simple distribution of motives at large.
+1, only you can decide to install a program. However its total functional scope, "what it does", is never fully known, unless it is open source. "Doing research" about the developer will not solve the lack of transparency in the tool you're installing. It is the consumer OS's responsibility to make sure third parties don't get access to data consumers would deem sensitive, without proper authorization.
If it doesn't need to read/write your screen in order to provide its features, and then does it, wouldn't you agree that something is fishy? Wouldn't you like to know when fishy things are going on?
What is the point of security if any app you download can see everything you do?