![]() “Apple devices help prevent apps from accessing a user’s personal information without permission using various technologies… System Preferences in macOS, users can see which apps they have permitted to access certain information as well as grant or revoke any future access.” ![]() The current version of the platform security guide states: Crash Course: What’s TCC Again?Īpple’s latest platform security guide no longer mentions TCC by name, but instead refers to ‘protecting app access to user data’. We hope that by bringing attention to these failures, users and admins might better understand how and when sensitive data can be exposed and take that into account in their working practices. Our concern in this paper is to highlight a number of ways in which TCC fails when users and IT admins might reasonably expect it to succeed. There have been plenty of complaints about what this means with regards to usability, but we do not intend to revisit those here. With each iteration of macOS since then, the scope of what falls under TCC has increased to the point now that users can barely access their own data – or data-creating devices like the camera and microphone – without jumping through various hoops of giving ‘consent’ or ‘control’ to the relevant applications through which such access is mediated. With macOS, Apple took a strong position on protecting user data early on, implementing controls as far back as 2012 in OSX Mountain Lion under a framework known as ‘Transparency, Consent and Control’, or TCC for short. In recent years, protecting sensitive user data on-device has become of increasing importance, particularly now that our phones, tablets and computers are used for creating, storing and transmitting the most sensitive data about us: from selfies and family videos to passwords, banking details, health and medical data and pretty much everything else.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |