[lilyball]

Finder doesn’t run as sudo though. TCC is layered on top of Unix file permissions. It prohibits access to files, it doesn’t open a hole through pre-existing protections.

Basically, it acts as a sandbox rule. Sandboxing your app doesn’t allow you access to new files, it just denies access as determined by the sandbox profile.

[lilyball]

I just took another look at the article and it appears I misunderstood what it was saying. I thought it was saying automation of Finder granted access to other users' files. This is not the case. It was talking about accessing other users' files in the previous section, but in this one it's merely claiming that allowing automation of Finder means being able to read data owned by your user that would otherwise be blocked by TCC.

And honestly, that's not a surprise. "Granting an app the ability to automate the Finder means granting it the ability to access any data the Finder can access" seems fairly obvious.

[tsimionescu]

The article's point is that, while understandable, the UI completely hides these facts from you. Finder is not mentioned as having FDA in the settings app, and so, even if you realize that Automation of FDA app means having FDA, you won't be able to tell implicitly that apps having Automation of Finder rights also have FDA through this mechanism.

Furthermore, in principle there is nothing stopping OSX from giving me a prompt when Automation AppX without FDA access wants to access my files through Finder specifically.