Hacker News new | ask | show | jobs
by Wowfunhappy 9 days ago
> However, I would like to point out that Apple isn't totally wrong here because the accessibility API unfortunately is way too broadly scoped, and because of that you literally get access to everything on the computer like you you can screenshot listen and and move the cursor...

I want apps to be able to do that!
2 comments
Barbing 9 days ago
Yes but miffing to open Privacy & Security & see dozens of apps pretending to need “accessibility” features. Apple has a dozen+ categories there but many poweruser apps I want specifically need accessibility.

Is there an opinionated reason not to break out capabilities?

link
int0x29 9 days ago
> Is there an opinionated reason not to break out capabilities?

If you have a disability and need tools to use your computer the last thing you want to do is have those things not only off by default but complicated and involved to turn on.

link
skykooler 9 days ago
Is there a reason a capability has to be covered by only a single permission? Why not have one accessibility permission that covers all that and then a bunch of individual permissions for non-accessibility apps?
link
Wowfunhappy 9 days ago
Apple doesn’t provide another API for this, so apps have to use the one that’s available.
link
vorticalbox 9 days ago
i think the issue is that you can still have these all under the accessibility api but why not break that down more

accessibility.screenshot accessibility.paste

and whatever else there is. that completely removes the issues for apps like this.

link
Wowfunhappy 9 days ago
As a programming practice in service of the principle of least privilege, that would make complete sense.

The issue is with Apple's UX. Apple insists on asking permission for every little capability an app wants. So I would have to say "yes, allow this app to take screenshots" and "yes, allow this app to read the clipboard".

I wouldn't be surprised if, in the near future, Apple forced people to click "yes, allow this app to read the clipboard from app X" and then separately "yes, allow this app to read the clipboard for app Y" and so on for every single other app on my machine.

Apple does not allow you to say, "yes, I trust this #$@-ing app, please allow it to do whatever it needs."

link
vorticalbox 7 days ago
annoying true, but no reason they couldn't group read/write into the same prompt.
link
phainopepla2 9 days ago
Then they should use an appropriately scoped API, as OP suggested.
link
int0x29 9 days ago
Controlling my computer is appropriate scope for an accessibility tool
link