Grant AveryAug 11, 2025
Marcin Wichary

It’s been over a year with these macOS pop-ups and I still have any idea why an app is asking, what should I say, what is the penalty for choosing Don’t Allow, etc. What a frustrating experience.

(Edit: I’m showing Chrome here but I am getting them for so many other apps without seemingly any rhyme or reason.)

Aug 8, 2025 at 2:22pmWeb
Show threadMarcin WicharyAug 8, 2025
I say Don’t Allow all the time not because I think the app doesn’t deserve access, but because I have no idea why it’s asking to begin with! I just feels like noise, and bad UI storytelling.
Show threadMarcin WicharyAug 8, 2025
A classic rule for these: show them after I invoked an action that lets me connect the permission to the intent, or explain the reason. Other dialogs like these are usually much better at this (for example: asking for permission to a Documents folder when I try to save a file). I am not sure why this one is so awful.
Show threadMattStudiesAug 8, 2025

@mwichary I think you put your finger on why it's so awful in your first post: 1) It's a deeply ambiguous permission that's very hard even for an expert to build a mental risk model around (compare to the Documents example). 2) The connection between your action and the dialog is very obscured. 3) It's very unclear what happens if you say no! Can you change your mind later? if so, where?

I love the idea of programs having to ask for consent, but the practical form of it can be deeply exhausting.

Show threadgullevek ☢️ 🇯🇵Aug 9, 2025
@mwichary I assume those applications just do a lot of shady shit so you don’t actually invoke anything. I just wished it would show more information what was the action that invoked it. I just say no.
Show threadGlenn FleishmanAug 8, 2025
@mwichary ditto. If an app I use isn’t something I know needs access, I choose Don’t Allow. Minimum access always the best policy.
Show threadMarcin WicharyAug 8, 2025
@glennf I just wish I wasn’t bothered by this seemingly every week! It’s starting to feel like what we hated about Windows.
Show threadGlenn FleishmanAug 8, 2025
@mwichary Yes, I get them every day or so, sometimes after installing an update. I rarely approve them.
Show threadJ. PetersonAug 8, 2025

@mwichary I'm always reminded of this ad when I see those warnings.

https://www.youtube.com/watch?v=VuqZ8AqmLPY

Get a Mac - Vista Vs Mac - Security - New Mac Add

YouTube
Show threadMarcin WicharyAug 8, 2025
@isonno Yeah, this is exactly right.
Show threadAndrew JorgensenAug 9, 2025
@mwichary
I agree the UX is bad, but it's almost certainly only asking for permission to resolve .local domains, and it's macOS doing the asking, possibly without Chrome even meaning it to, since you'd only actually ask to resolve a .local domain when someone tries to browse to one.
Show threadMarcin WicharyAug 10, 2025
Well, this explains… some things.
Show threadMarcin WicharyAug 10, 2025
I can’t help but think this whole system just feels poorly thought through in terms of design and UX writing. I don’t imagine Digital Color Meter is capturing my screen, and in iOS 26 beta this dialog somehow became even more scary (granted, it’s a beta).
Show threadtobiasAug 10, 2025
@mwichary the importance lies in what’s dev provided writing and what’s apple provided writing and not being able to distinguish between the two reliably as a user
Show threadrelsquiAug 10, 2025
@tobimori @mwichary 🎯same with like, "App wants to install a helper tool." I used to work on software that used that UI and it got comments from users like "this is vague and scary, please make the popup explain what's happening instead." we would've loved to if we could. and somehow it's still like that.
Show threadMarcin WicharyAug 10, 2025
@relsqui @tobimori That’s a great example.
Show threadBITNACHTAug 10, 2025
@mwichary How would the colorimeter know the colors without capturing the screen?
Show threadMarcin WicharyAug 10, 2025
@bitnacht To me, there’s a difference between capturing and having access to. Capturing implies storage.
Show threadMarcin WicharyAug 10, 2025
@bitnacht Plus, I just used it. I was there and saw what was happening. What does it help me to see this notification pop up a minute after I’m done?
Show threadBITNACHTAug 10, 2025
@mwichary I don't know if you are venting or asking a question and I don't have all the details. So my idea is: You have installed an App and granted it privileges to do a task. After that task is finished the app starts using these privileges without you knowing about it. The trick is to detect when a voluntary user interaction triggers the access. There are heuristics for that (well behaved app necessary). The OS can't reliably determine if the app stores the image.
Show threadBITNACHTAug 10, 2025
@mwichary Affinity Designer has a similar feature. It doesn't trigger a warning on Tahoe after you granted the privileges.
Show threadChancerubbageAug 10, 2025

@bitnacht @mwichary

The point is- there is absolutely no reason for such a feature or function to go onto the web PERIOD, nor see any thing but the volunteered pixels under an eyedropper. Even a pallete of the full image can be built and stored totally locally.

Show threadMarcin WicharyAug 10, 2025

@bitnacht Thanks. The details are in my other posts under the original. But just to wrap up this one:

- this notification happens at a strange moment (after I put it aside) that adds more questions rather than providing answers
- this is Apple’s own app, so they know exactly what it’s doing
- even for other apps, there is a better way to describe it

I understand how this all works in principle. I just think a lot of details are wrong.

Show threadBITNACHTAug 10, 2025
@mwichary Just in case you find it interesting: This is how it looks on my machine. #TahoeBeta … I get nothing else, just the thing in the control center.
Show threadMarcin WicharyAug 10, 2025
@bitnacht Thanks! That seems a bit less prominent than what I see in Sequoia.
Show threadScott PerryAug 11, 2025
@mwichary @bitnacht if anything, I do appreciate that Apple is subjecting its own app to its own privacy shenanigans instead of giving themselves a leg up on third parties via an custom exemption
Show threadMarcin WicharyAug 11, 2025
@numist @bitnacht Yeah, I was thinking it could even be educational in a sense. I just… don’t like it as much. It really feels very scary for a simple feature.
Show threadScott PerryAug 11, 2025

@mwichary @bitnacht Wasted opportunity. One of my own side projects (https://github.com/numist/Switch) is also affected by this (and does capture window contents, though it doesn't record them) and I'm sympathetic to the system's problem where it knows an app has access to the screen's contents but no notion of what that information is being used for.

You kinda *have* to assume the worst. Is this free colour picker app sending my bank balances to phishers as part of their mark selection? Who can say!

GitHub - numist/Switch: A window-based context switcher for the Mac

A window-based context switcher for the Mac. Contribute to numist/Switch development by creating an account on GitHub.

GitHub
Show threadGlenn FleishmanAug 10, 2025
@mwichary no, the entitlement means any access to the screen, even ephemeral. It is also required for remote sceen sharing apps.
Show threadmtc_ukAug 10, 2025
@mwichary
Also, Chrome is clearly shite.
Show threadMs NgoAug 10, 2025

@mwichary I’ve written an app that can inspect & capture parts of the screen to zoom in on them. The permission being granted does permit the app to grab anything on screen.

It’s honest kind of a frightening level of access & you really need to thoroughly trust any app you give this permission to.

Show threadMarcin WicharyAug 10, 2025

@causticmsngo I understand the system… I just question any system that tells me a built-in app for sampling colors is “capturing” the screen, and that it tells me that after I stop using it.

Whether it’s the permission system, the UI around it, or the timing around that UI, it just doesn’t seem that it’s working well. And that on top of the original, even more annoying “local network” permission.

Show threadColinAug 10, 2025

@mwichary I think you just press Yes and then it never prompts again. I see it happen once after install and never ever again after that.

It must prompt you after every version upgrade since you keep pressing No. and now you have lots of entries from previous versions where it prompted and a No was recorded.

Unless there’s a browser flag you can set to disable the Chromecast stuff (I think that’s why it prompts for this) or switch to something Firefox-based, chrome will continue to be a POS.

Show threadChris “Emergent-C” VreelandAug 10, 2025

@mwichary May be of interest to you- I went looking for answers in 2023 when I bought my M1 MBP only to see Chrome hogging 20% of CPU, and I found this site.

https://chromeisbad.com

Chrome is Bad

Show threadshorkAug 8, 2025
@mwichary I think this is for Chromecast functionality, in this case
Show threadMarcin KrzyzanowskiAug 8, 2025
@mwichary "it's complicated", and there is a looooot things that may trigger that popup implicitly. If you curious these are the most complete explanation I found so far: https://developer.apple.com/forums/thread/663858 and https://developer.apple.com/documentation/technotes/tn3179-understanding-local-network-privacy
Local Network Privacy FAQ | Apple Developer Forums

Show threadShrouded ScribeAug 8, 2025
@mwichary I believe @rpmik is on the right track. The Chrome browser uses multicast DNS to allow control of Google devices on the network. Think Chromecast, Google TVs, Nest displays & speakers.
I set up a firewall rule in my router to not allow my work laptop to communicate with most of my home network. But because I have not blocked multicast, it still shows controls for the Google TV box when a YouTube video or other media is playing.
(Blocking multicast dns outright can cause other issues.)
Show threadLeo (he/him) 🇺🇦Aug 8, 2025
@mwichary I think those are from Chrome checking whether there are devices it can ChromeCast to on the network. If Chrome weren't Google, I might trust it, but with Google I expect that it will phone home and use my ChromeCast data to show me ads.
Show threadwoe2youAug 9, 2025
@yildo @mwichary Chrome's entire purpose is to put your eyeballs in front of ads and hoover up your data, I have no idea why anyone uses it.
Show threadkatherineAug 8, 2025
@mwichary so frustrating! i clicked "don't allow" on all of these, then later had trouble with some device and only after a ton of fiddling, learned that this had something to do with it, and that i needed to change it to "allow". horrible horrible
Show threadklarnebelAug 8, 2025

@mwichary in the photo you showed it tells you why it wants permission: „This will allow you to select from available devices and display content on them.“

I am rather happy about these pop-ups, since it allows me to decide if I want to provide more data for the app in question.

I do get that it is frustrating to get them often, but if an app has that pop-up very often, for me it is also an indicator to look for an alternative that isn’t as data hungry. It also should be possible to reduce 1/2

Show threadMarcin WicharyAug 8, 2025
@klarnebel Happy this is working for you! For me not connecting it to chromecast I had no idea what it meant or what devices it would want. And I also don’t want to go somewhere and have even more work turning this off or figuring out why, especially if it’s about stuff like Chromecast which I don’t even use.
Show threadklarnebelAug 8, 2025

@mwichary to reduce these pop-ups by choosing the things the app is allowed to do in settings.
That is also the place where you can change your decision of the pop-up later, if you want to.

After you chose it normally tells you something along the lines of „you can always change this by going to „Settings -> Chrome“ in a short pop-up for a second or two.

And if I don’t know why an app asks that, I search for the answer on the internet. I want to know what the apps do that I have. 2/2

Show threadendquoteAug 8, 2025
@mwichary I found Chrome couldn’t access localhost urls and it was driving me crazy, til I realized it was this permission that enables it. That was a while ago though, perhaps it’s changed.
Show threadTomasz TarczyńskiAug 8, 2025
@mwichary absolutely agree, this is one of the more annoying and out of context popups.
Show threadHenry WilkinsonAug 8, 2025

@mwichary I *think* what happened here is that an extra permission was retroactively added to access that apps used to just have by default and now they haven't specified to the OS that they *don't* (or do) require this permission so it pops up no matter what.

For the most part I don't allow, unless I specifically want the app to have knowledge about other devices on my network. Haven't found any issues with this strategy so far!

Show threadAleksanderAug 9, 2025
@mwichary any idea why e.g., VS code asks for that?
Show threadThe DodologistAug 9, 2025
@mwichary
Delete Chrome?
Show threadMarcin WicharyAug 9, 2025
@TheDodologist Chrome is far from the only app doing this.
Show threadBen HammondAug 9, 2025

@mwichary

Why isn't there a
> Never ever allow. And don't ask me again
button

Show threadPaul ShryockAug 9, 2025
@mwichary yeah, I get these from many apps almost daily, and always disallow. Very annoying.
Show threadTrezzer (aka Helvedeshunden)Aug 9, 2025
@mwichary It really is UAC all over again. “Will you allow system volume settings to change audio volume?” Whoever approved this design fundamentally misunderstands security AND computer users.
Show threadMarc Robinson Aug 9, 2025
@mwichary I've seen this so much I suspect it's a default setting that no one but Apple cares about. I also 'don't allow' every time.
Show threadbillyokAug 9, 2025
@mwichary every single time I launch certain browsers, even on the same day, no matter if I’ve pre-selected a setting in the settings app (which lists each browser dozens of times!), I get the pop-up again. Just maddening that this is acceptable to Apple.
Show threadporcelainhamsterAug 9, 2025
@mwichary One penalty I incurred from selecting “Don't Allow” is that Zwift on my MacBook Pro couldn't find the Zwift Companion App on the iPhone. Took a while to work that one out.
Show threadThomasAug 10, 2025
@mwichary to “allow” might be necessary if you want to access to your router settings on your local network
(Maybe not with Google Chrome to avoid upstream reporting)