I have a lot of apps that, as part of installation, request “full disk access” to my Mac, which is a bit unsettling to me… is this what sandboxing is all about? If not, is it secure?
In my experience, more apps ask for full disk access than need it. For example, Carbon Copy Cloner and Backblaze asked for full disk access, and I granted it to each of them, because unless they could access my data they would not do what I purchased them for. On the other hand, Typora asked for full disk access and I denied it, because the files Typora uses for me are in a specific folder and no where else. Typora didn’t fail to work, and so I think the developer was just not paying attention when they designed the app to ask for full disk access.
Full disk access is part of the controls in System Preferences > Security & Privacy > Privacy. The term “full disk” is a bit misleading, as the scope of the permission is narrower. This is what the Privacy panel describes the permission as:
If an app needs full disk access and doesn’t get if from you, then the app will crash and you’ll have do decide to trust it or not if you want to continue using it. Once you grant access you can retract it.
“Gatekeeper” is about controls on what apps can be run on macOS and deals with the protecting the integrity of the operating system. Full disk access falls in the “sandboxing” arena, which are the controls Apple provides to protect the integrity of your data.
3 Likes
I’m pretty sure you can cancel Full Disk Access. You can remove the app from the list or uncheck the check box…
sorry, I’m just a little stupid today
NP. Stupid happens to me most days.