Apple safety precautions not practial in real life situation

I just had this phone-call from a secretary of one of my clients: “Can you tell me the password for your seminar app?”

???

Well, I connected with Teamviewer, in order to check the situation and saw that she actually tried to install the latest update of our application. In order to install the software, she was asked for her (macOS-) user password, which has nothing to do with our database application, but with Apple safety precautions.

Now, whatever is slightly outside the daily routine, is to much for her and her colleagues: they simply try to click those dialog-boxes away, because they don’t understand anyway what they are good for.

So we have to keep things dumb simple, otherwise the users are overwhelmed. Now the increasing number of decisions and confirmations is just confusing to them.

It seems to me, that Apple has totally lost focus. What once was a quality of Apple - keeping things simple - is lost.

Why was the user asked for the password? That’s really odd. This can only come from your app. Which version of macOS?

For fun: https://mjtsai.com/blog/2019/07/23/annoying-catalina-security-features

@ Beatrix:
Attempts to write in the boot root folder leads to a dialog that ask the user password (it’s an OS thing).

@ Oliver:
There is two different solutions: then simple one (a) and the larger one (b)…

a. Place a TextField at the window bottom (for all windows) and give a simple line of help there, context sensitive,

b. add a button with an (i) icon in all windows (and that can be more than one per window) that display a context help.

How do I falled in that trap?
In a project that deals with dates (and the original text file can comes from elsewhere), dates can follow other schema than ISO 8601. I added something I considered as simple (easy) way to set the actual dates as ISO 8601. After some months of use, I totally forgot how that worked and had hard time to guess what to do.
With sadness, I implemented the (i) button mechanism. :frowning:

It is on Mojave.

My update mechanism informs the user that an update is available (if checking for updates is enabled).

After download, the helper app launches the pkg installer and terminates the old instance of the app.

The pkg and app are codesigned and notarized. However, Mojave is still informing the user that this installer has been downloaded from the internet and asks for a password in order to install the software.

Am I missing something?

You should get a warning “this software was downloaded from the internet, do you want to open it?”. But there never was any password in this dialog. You got a screenshot? Or a download?

There was a time without much security. You could just install everything. Maybe not on a Mac, but in Windows XP and before this was a real problem. Anybody remembers the Loveletter-Virus?

The dialogs and confirmations were a result to these problems and the public uproar that OSes are so horribly insecure.

This may sound harsh, but we are living in a networked world where computers are a vital part and they need to get used to computer basics. If this was 1999 I would say ok, computers are relatively new in the office, but not in 2019…

@Beatrix Willius : That might happen if you’re installing a .pkg with a user account that does not have administrative privileges… always has and always will.
Or the .pkg was created to always ask for that (e.g. if it needs to install/update some components to locations where this privileges are required and therefore need to authenticate).

For a short screencast watch here:
https://vimeo.com/seminarpro/update

If you wish to have a look at the installer, then you can download it from here:
https://download.seminar.pro/api/download

[quote=446754:@Natascha Chrobok]<…>
The dialogs and confirmations were a result to these problems and the public uproar that OSes are so horribly insecure.

This may sound harsh, but we are living in a networked world where computers are a vital part and they need to get used to computer basics. If this was 1999 I would say ok, computers are relatively new in the office, but not in 2019…[/quote]

To believe that dialog-boxes make computers more secure is naive, to say at least. Since there is personal computing I see one thing that never changes: users do not read manuals, they make little to no learning efforts at all and they give up on anything that appears as complex to them.

It does not help to stick to a reality as it SHOULD be, but only to what actually is happening out there.

I thought that we have learned from MS Vista how not to do it. But obviously Apple is now going the macOS hasta-la-vista-way…

[quote=446756:@Oliver Osswald]For a short screencast watch here:
https://vimeo.com/seminarpro/update

Erm, thats normal isn’t it? I get that installing any app from my admin account.

Jürg Otter was correct: the app installs fine on an admin account. And you need a password on a non-admin account.

@Oliver Osswald: for what do you need the installer?

[quote=446760:@Tim Streater][quote=446756:@Oliver Osswald]For a short screencast watch here:
https://vimeo.com/seminarpro/update

Erm, thats normal isn’t it? I get that installing any app from my admin account.[/quote]

Exactly - it is “normal” now to have to input your password for any little thing. And as I just have experienced again this morning, average users just get confused by this: To many passwords, to many decisions to make, to many things to confirm where they do not really understand the consequences.

Dialog boxes are a help for the programmer, not for the user.

[quote=446762:@Oliver Osswald][quote=446760:@Tim Streater]

Exactly - it is “normal” now to have to input your password for any little thing. And as I just have experienced again this morning, average users just get confused by this: To many passwords, to many decisions to make, to many things to confirm where they do not really understand the consequences.[/quote]
It’s because they are intrusive and pop up at a moment when you’re trying to do something else.

I would alter this to say: “Security dialogs are for security conscious users, not for regular users.”

I for one actually like the password dialogs. They’re a subtle reminder that the action that is happening is going to have unfettered access t your computer. More than once have I clicked Cancel because I realized that “such and such app” shouldn’t need root access to accomplish this.

But I agree that regular users are not geared for this. Unfortunately this usually leads to more dialogs. :frowning:

[quote=446761:@Beatrix Willius]Jürg Otter was correct: the app installs fine on an admin account. And you need a password on a non-admin account.

@Oliver Osswald: for what do you need the installer?[/quote]

Well, before sandboxing it was a convenient way to create a streamlined update process. We could ask for the password once and save it to the keychain. Next time the update went automatic (if user allowed for automatic updates).

I have not been able to continue this once we sandboxed our application.

Now we could go the dmg way, but then we noticed, that users did not get it at all or forgot to eject the mounted dmg after installing or did not drag the app to the application folder.

So the installer still seems to be the lesser of two evils.

[quote=446764:@Greg O’Lone]<…>
But I agree that regular users are not geared for this. Unfortunately this usually leads to more dialogs. :([/quote]

… which they are not trying to understand or not reading at all but just clicking them away. A total hazard whether they click OK or CANCEL.

I tend to say: tight security for mobile devices is ok, but leave more freedom and more responsibility to computer users. Otherwise personal computing is dead soon.

[quote=446758:@Oliver Osswald]To believe that dialog-boxes make computers more secure is naive, to say at least. Since there is personal computing I see one thing that never changes: users do not read manuals, they make little to no learning efforts at all and they give up on anything that appears as complex to them.

It does not help to stick to a reality as it SHOULD be, but only to what actually is happening out there.

I thought that we have learned from MS Vista how not to do it. But obviously Apple is now going the macOS hasta-la-vista-way…[/quote]

I don’t want to start a “you said - I said”-discussion ;). Basically I got your point and to a certain degree I agree with you. However you have to consider the legal implications. By entering your username/password you confirm that you know what you are doing. If something goes wrong, it was 100% your fault because you acknowledged it by entering your username and password. It is like signing a contract without reading or understanding it – it does not matter for a judge as long as you are not under-age or officially mentally immature…

So this whole dialogue-thing is actually about getting rid of responsibility for the programmers , it is not about making the computer more secure.

The root of this frenzy is in the US, with its perverted law system where you can be made responsible when idiots pour hot coffee over themselves and then you have to pay millions…

This whole password typing does not make computing more secure. But it liberates the programmer from thinking himself about ways to make the right decision and it is way to hopefully protect himself from lawyers, specializing in chasing software firms.

[quote=446756:@Oliver Osswald]For a short screencast watch here:
https://vimeo.com/seminarpro/update [/quote]

I’d change the message at 0:22 to be something like “The installer asks for your macOS login password so it can complete the installation” even though it says that on the form, people read and prioritise things in red over most other things. This makes it clear that it is a bit of information they already have at their disposal and its not a password check that they didn’t read in an email or something. If the user needs to watch this video to perform this upgrade than then are already in the spoon feeding category (no insult intended) and every bit of extra info will only make things go more smoothly.

The only things these types of requests are good for is limiting silent installs of nefarious software.

And I would write: “The installer asks for the password of your macOS user account so it can complete the installation”

And @Oliver Osswald … please get rid of the “flashing Label”. That is irritating me. Why does downloading (and starting to download) need to much “Timeout!” 's?
That Label is describing the currently ongoing task… it should remain without being changed all the time. That makes it look “flickery”. Furthermore: It would be enough to just show “21,3 MB” (instead of such big numbers for KB’s).

And a a sidenote to what’s already a sidenote: I’d also like Xojo to do something similar in <https://xojo.com/issue/56203>. But I hope you get the idea when comparing what’s in there.