New security controls are introduced with macOS Catalina. For example, apps must now obtain their permission before they can access parts of the drive that hold documents and personal files. Let's take a look at the security innovations in Catalina.
Some apps require permission to access your files.
Apps must now request permission to access specific parts of your file system. This includes your Documents and Desktop folders, your iCloud drive, and any external volumes currently connected to your Mac (including flash drives, memory cards, and so on). This is the change that has made the most headlines.
Apple has been pushing permissions-based access to iOS for some time, and we're seeing more of these security policies are finding their way into macOS. If you are upgrading to Catalina for the first time, this can lead to a blizzard of permission request dialog boxes. This has caused some people to compare it to full-screen Windows Vista security prompts (but in reality it is not nearly so outrageous).
Unprocessed Catalina first recording.
And I have not even started this Actual work yet.
This could be Apple's shining Windows Vista moment. pic.twitter.com/CxuVhA3BxV
– Tyler Hall (@tylerhall) October 7, 2019
From the point of view of safety, a change is to be welcomed, but it will take some time take time to get used to it. Also, not every app will request access. In our tests, we were able to open and save files using the Markdown editor Typora, but navigating to the Documents folder in the terminal with the command
cd ~ / Documents / requested permission.
Go to System Preferences> Security and Privacy> Privacy and click the "Files and Folders" option to see all apps that have requested access. You can also grant access to your entire hard disk by clicking on "Full Disk Access". Note that for some apps, such as For example, searching for duplicate files requires access to your entire drive from this menu.
To make changes, first click the lock icon in the lower-left corner of the window, and then enter your administrator password (or use the Touch ID, if you have a fingerprint reader). You can then check the box next to the app to grant access.
Input monitoring, screen capture, and Safari
Disk access is not the only change to permissions in macOS Catalina. Apple now demands that apps ask for permission to log keystrokes and take screenshots. For options for each of these options, see "Input Monitoring" and "Screen Capture" in System Preferences> Security and Privacy> Privacy.
Input monitoring refers to any text input that is not processed by the operating system, and the Allow Full Access setting on iOS for third-party keyboards. This could help protect against keyloggers. Screen capture restrictions prevent apps from recording anything on your screen without permission. This restriction affects apps like Apple's QuickTime Player, which ask you to open System Preferences, click the lock to authorize changes, and then manually grant permission.
Safari also prompts you to allow downloading requests or reject files from specific domains or to share your screen. You can refine your selection by launching the browser and then clicking Safari> Settings> Sites. You can grant permission to the site at any time, refuse it, or ask the site to ask you to provide you with the controls provided each time.
macOS now stored on a separate disk
During the installation process for macOS Catalina, your main system volume is split into two volumes : One read-only volume for core system files (your operating system) and another volume for data that provides both read and write access. You do not have to do anything. The installer does this for you.
This places all the important operating system files on a single read-only volume that neither you nor any of your apps can modify. You can not see the second volume until you open the Disk Utility. In the sidebar you should find two volumes – a normal old "Macintosh HD" (your operating system) and a "Macintosh HD data" for everything else.
This change will not attract most users. It has no effect on the daily functioning of your computer. The read-only volume will only be affected when you update your Mac. All you need to know is that the change makes it even harder for rogue apps to damage the part of your drive that stores the most sensitive data on the operating system.
Gatekeeper is starting up
Gatekeeper is the technology used whenever you try to run an app that does not come from the Mac App Store signed an authorized developer certificate. Gatekeeper prevents you from running dodgy apps on your Mac. In Catalina an upgrade is performed.
Apps are now scanned for malware with Gatekeeper every time they run. So far, this only happened on the first attempt to open the app. To speed up the process, Apple has launched a new notarization process that requires developers to send their apps to Apple so they can be approved in advance.
When Gatekeeper determines that an app has been notarized, it does not have to search for it's malware on every launch. As of macOS Catalina, any developer who has signed his app with an Apple Developer ID Certificate must also submit his Apple Certification Apps to pass the gatekeeper exams. This means more bureaucracy and developers, but more security for consumers.
You can still install and run apps that were not signed with Developer Certificates or downloaded from the Mac App Store:
- Start the app you want to run and confirm the gatekeeper warning that the app is running prevented.
- Go to System Preferences> Security and Privacy> General, and look for a hint at the bottom of the screen that the app has been started.
- Click "Open anyway" to bypass Gatekeeper and launch the app.
Activation lock for Macs with a T2 chip
The activation lock was first added to iPhones to deter thieves. The feature locks every iOS device to your Apple ID. You will need to log in with your login information if you want to restore the factory settings of the device. That way, a thief can not steal your phone or tablet, restore it to factory settings, and then resell it as a used device.
The same technology now finds its way into macOS Catalina. This only works if your Mac has the Apple T2 chip, a special piece of silicon that joins the System Management Controller, Image Signal Processor, Audio Controller, and SSD Controller into a single piece of hardware. The T2 chip is currently found on the following Mac computers:
- MacBook Pro 2018 or later
- MacBook Air 2018 or later
- iMac Pro (all models)
- Mac mini 2018 or later
Takeaway Make sure the Find My Mac service is turned on in System Preferences> Apple ID> iCloud. If you intend to sell your Mac, you must first disable the Find My Mac service. You should also re-install macOS and delete all personal information before you sell it.
You are not sure which Mac you have? Click the Apple logo in the top left corner and choose About This Mac to see the year, model, and other specifications.
Find My helps you find devices and friends.
Apple redesigned Find My iPhone and renamed Find My instead. The service was previously only available through iCloud.com and iPhone and iPad apps. However, in macOS Catalina, Apple has integrated a special "Find My" app that lets you track all your devices.
The new app gives you the power to track not just devices associated with your Apple ID, but your friends as well. Previously, the Apple Find My Friends app was used for this purpose. However, the app "Find My" will take on the double task in the future. You can share your location with this app by clicking "Share My Location," typing in your email address, and clicking "Submit."
Note that Find My Location works only with other Apple users. The person you share your location with needs an Apple ID and access to Find My to participate, either on an iPhone, iPad, or Mac. You can also share your location through your iOS device in the News app. This is generally a better idea, as most of us are more likely to be using our cell phones than our MacBooks.
Click the "Devices" tab to view all your devices devices, along with their current and past known locations. Click on a device to select it, and then click on the "i" button to see more options. Depending on the device, you may be able to play a sound, mark the device as lost, and even remotely wipe the device.
All Little Things
As with any new version of macOS, there are many minor changes that you might not notice at first. One of the best is the ability to approve administrator requests on your Apple Watch. If you can unlock your Mac with your Apple Watch, you can grant the administrator permission to install apps, delete files, and more.
Safari increases security by telling you if your passwords are too weak. Safari also suggests new "safe" passwords and stores them in your iCloud keychain. With the Notes app, you can now share read-only notes. Click the Add People button and change the Permission box to Only Persons You Can Invite to share a note without full write permission.
These are just a few of the changes in macOS Catalina available immediately.
RELATED: New features in macOS 10.15 Catalina, now available