Users can run our apps on Macs with Apple Silicon via the "iPad Apps on Mac" feature.
The apps use PHPhotoLibrary.requestAuthorization(for: .addOnly, handler: callback) to request write-only access to the user's Photo Library during image export. This works as intended on macOS, but a huge problem arises when the user denies access (by accident or intentionally) and later decides that they want us to add their image to Photos: There is no way to grant this permission again.
In System Preferences → Privacy & Security → Photos, the app is just not listed – in fact, none of the "iPad Apps on Mac" apps appear here.
Not even tccutil reset all my.bundle.id works. It just reports
tccutil: Failed to reset all approval status for my.bundle.id.
Uninstalling, restarting the Mac, and reinstalling the app also doesn't work. The system seems to remember the initial decision.
Is this an oversight in the integration of those apps with macOS, or are we missing something fundamental here? Is there maybe a way to prompt the user again?
