Mojave Automation security has bad user experience

Originator:pierre.bernard
Number:rdar://41630689 Date Originated:June 29 2018
Status:Duplicate/41570203 Resolved:
Product:macOS + SDK: Automation Product Version:
Classification: Reproducible:
 
In MacOS Mojave sending Apple Events to other applications requires authorization from the user. The user experience to grant authorization is sub-par.

This is particularly problematic in situations where Apple Script is the “official API” for interacting with applications or data. In the absence of metadata editing or bulk editing extension API for Apple Photos, Apple Script remains the API of choice for third party applications to work with photos: geocode, bulk rename, etc.

Moreover third party applications implement Apple Script support not only allow automation by the user, but also as an API for other applications to connect to.

On the first attempt to send an Apple Event, the user is prompted for authorization. After refusal later requests fail. Once aware of the problems caused by the initial refusal, the user needs to navigate to a setting burried deep within System Preferences to correct the issue.

The current workflow has the following problems:

1. No API to check if authorization has been requested, granted, or denied.
1a. Thus no way to “dim” UI for features that are not available without authorization
1b. Difficult to time the authorization request to a moment where the user can understand the context
1c. No way to provide a UI that lists authorizations (photos, contacts, automation, etc.) granted 

2. The target application is launched before the user is prompted for authorization. This may startle the user, cause worry and reduce the likelyhood of granting authorization

3. No way to provide an explanation as to why automation is needed. This again reduces the likelyhood of the user granting authorization. Because of #1 it is not possible to alert the user about the upcoming prompt and to proactively provide an explanation.

4. No way to trigger a new prompt for authorization. E.g. after adding new features or after explaining to the user why automation is needed or after the user otherwise changes her mind.

The user experience thus involves:
- trying out a feature
- seeing an application launch
- being asked for authorization with no explanation given
- seeing a desired operation fail
- wading trough System Preferences to update the setting


Solutions:

1. Provide API akin to [EKEventStore authorizationStatusForEntityType:EKEntityTypeReminder]

2. Provide API to request authorization prior to attempting to send Apple Events. I.e. API akin to -[EKEventStore requestAccessToEntityType:completion:]

3. Allow for an Info.plist key akin to NSRemindersUsageDescription

4. Enhance API provided under #2 with an option to show the prompt again if authorization was previously refused.  E.g.

-[NSAppleEventManager requestToTarget:bundleId
options:NSAppleEventManagerRequestPromptAlways
completion:block]

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!