3 Replies
      Latest reply on Dec 3, 2019 3:00 AM by eskimo
      KramerGraphics Level 1 Level 1 (0 points)

        Hello all -

        I use a ton of apps to process loads of images.  The apps pass commands to finder, Illustrator, Photoshop etc.  Everything worked great prior to upgrading to Mojave.  Now I get constant and repeated warnings:

         

        "Someapp.app" wants access to control "Finder".  Allowing control will provide access to documents and data in "Finder", and to perform actions within that app.

         

        I get similar warnings for all of the apps, scripts, and the subsequent apps they call.

        How can I stop or bypass this?  It is absolutely crippling to automation!

         

        And yes, you can "allow" and the script continues to run.  The apps are then added to the Automation section of the Privacy options in Preferences.  This does not appear to stop the warnings however, as they return despite the apps being listed.

        • Re: Persistant Privacy and Automation warnings
          eskimo Apple Staff Apple Staff (12,425 points)

          Presumably you approve each of these accesses?  If so, that fact should be remembered and you shouldn’t get the same alert again.  If it’s not being remembered, the most common cause of that problem is a lack of code signing, or code signing that’s not stable.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: Persistant Privacy and Automation warnings
              KramerGraphics Level 1 Level 1 (0 points)

              The code was not previously signed....and the approvals were not being remembered.

               

              We are in the process of getting setup with a dev account so that we can sign and recompile all of these.

               

              Is there no way to disable this entirely?  Even if the approvals were remembered, it still poses a HUGE set back to our workflow.

                • Re: Persistant Privacy and Automation warnings
                  eskimo Apple Staff Apple Staff (12,425 points)

                  We are in the process of getting setup with a dev account so that we can sign and recompile all of these.

                  Cool.  The issue here is that the code signature uniquely identifies the code, so if the code is not signed there’s no way to know that one instance of your app is the same as another instance [1].

                  Is there no way to disable this entirely?

                  That depends on your deployment setup.  If you’re deploying to a wide range of normal users, there’s no way to disable this feature (which kinda makes sense, in that this is a security hardening).  If you’re deploying to a managed environment, you can configure this via the privacy preferences control (com.apple.TCC.configuration-profile-policy) payload.

                  Of course, that requires that your apps be signed because that’s how the payload identifies the apps that it applies to.

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                  [1] Historically there were ad hoc ways to do this, but these have fallen by the wayside now that code signing has reached a critical mass.