Can you trust that permission pop-up on macOS?

Original Article ↗ Hacker News Discussion ↗

Slack / Electron “helper tool” prompts on macOS

  • Multiple people report frequent, intrusive dialogs like “Slack is trying to install a new helper tool,” often asking for the admin password and reappearing if canceled.
  • Explanation offered: these come from macOS’s Service Management framework; apps (often Electron-based ones like Slack, Discord, VS Code) install privileged helper tools, mainly for auto-updates or system-level tasks.
  • Users question why simple apps need root-equivalent helpers and note that MDM/EDR tools (SentinelOne, CrowdStrike, etc.) can interfere, causing repeated prompts.
  • Some avoid native Electron apps entirely, using web apps or macOS web-app shortcuts instead.

Permission dialogs as “security theater” & prompt fatigue

  • Many describe severe “permission fatigue”: constant prompts for admin passwords, local-network access, removable drives, app downloads, etc., to the point they stop reading dialogs and just click Allow or Cancel by habit.
  • Corporate-managed Macs can show dozens of prompts a day, especially with security tools and frequent updates.
  • Users compare this unfavorably to earlier Apple ads mocking Windows Vista’s UAC, arguing macOS is now worse.
  • Some run as non-admin and/or install apps into ~/Applications so updates don’t need elevation, though others note this may reduce security in some cases and interacts oddly with macOS protections.

Spoofing, TCC, and trust in the UI

  • Central worry: any app or website can visually mimic macOS permission/password dialogs; users are being trained to trust and respond to random prompts.
  • People discuss ideas like security images, LEDs, “secure desktop” like Windows UAC, touch ID-only flows, or dialogs attached to specific windows/Settings, but note these are only partial defenses and can confuse users.
  • macOS’s TCC and capability model are criticized as bolted-on and inconsistent: they hinder legitimate devs, confuse users, and yet keep getting bypasses (like the CVE from the article).

Apple’s patching and platform direction

  • Several are disturbed it took Apple about a year to patch this bug and that the fix landed only in macOS Sequoia 15.5, leaving Ventura and Sonoma vulnerable by design.
  • Debate over whether Apple leans too much on App Store review/notarization instead of hardening the runtime; some see the prompts as partly a funnel into the App Store ecosystem.
  • Comparisons with Windows and Linux highlight that no platform gets this balance of security vs usability right, but macOS’s current UX is widely viewed as confusing and easily abused.