macOS – How much data can an app steal from the MacBook if I allow its system-wide execution?

Tags: macos, malware, sandbox, security, software-recommendation

I'm interested in knowing how to monitor and possibly sandbox an app and its related background processes in macOS. Is there some internal utility hidden somewhere in the system tools (even CLI), or maybe some tool from the web? I cannot find anything about this. Furthermore, it looks like everyone still thinks macOS cannot get malware, which is not helping.

Let's say I want to install an Android emulator to play Android games on my MacBook. I know that the majority of the emulators are Chinese, so I expect a significant amount of telemetry.
I decide to go with the app Mumu. During the installation, the app asks me to input my password to allow the creation of a new Helper (anyway, what is it and what does that even entail?). In order to do this and continue with the installation, I have to allow the (initially blocked) execution of a "system software", in Security & Privacy >> General (pic).

If I ever decided to play along, how could I monitor the effects of this choice? Can any app with these privileges access any other app data? In particular, I am interested in keeping these safe:

  • browser history (e.g. Chrome, Firefox…)
  • Keychain
  • files all around my disk (duh…)

What is safe and what is not?
How can I know (in real-time possibly) what a specific service/process/app with granted privileges is doing to my computer?

Thanks in advance

Best Answer

Denying any app that needs a background helper and elevated access would be the safe way to sandbox and protect your data.

  • If you grant full disk access and your admin password, all of your data is exploitable.
  • If the intent of that program is to harvest and exfiltrate the data, it can read everything. Not all apps will do that or even be programmed correctly if the intent is to harvest data, but you’ve opened the gate if you allow that entitlement.

(Since you didn’t name a specific app, we can’t weigh in on how secure or malware-like it might be - it could be very well designed and not designed to harm your privacy.)

Sounds like the install process is game over for you in this case. Apple ships malware detection and removal tools, and goes to great lengths with these alerts, a framework for code signing, and putting up these restrictions to make most people aware, and to say no to apps asking for permissions they have no need to run.

As to everyone thinking there is no risk, that’s hyperbole at best. Here is where I would start to educate and protect your Mac and learn about malware detection and options.
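The question asks how to see, ideally in real time, which files a process with granted privileges touches, and the answer's point is that once full disk access is granted everything on disk is reachable. Neither post includes code, so the following is an added example, not part of the original thread or of any emulator's software. It is a small POSIX shell filter that takes file-access records for a process and flags the ones under the locations the asker listed (the login keychain, Chrome and Firefox history databases, Documents and Desktop). The log lines, the process name `emuhelper` and the tab-separated `<time> <op> <path> <process.pid>` layout are all constructed for this example; real `sudo fs_usage -w -f filesys <pid>` output on macOS has extra columns, so the field extraction has to be adapted before the filter is pointed at live output.

```shell
#!/bin/sh
# Added example: classify file paths touched by a process against a short list
# of sensitive user locations. Not code from the original thread.

TAB="$(printf '\t')"

# Return 0 (true) when the path lies under a location worth alerting on.
# Patterns are shell `case` globs; `*` matches across "/" here.
is_sensitive_path() {
  case "$1" in
    */Library/Keychains/*) return 0 ;;                                            # login.keychain-db and friends
    *"/Library/Application Support/Google/Chrome/"*"/History"*) return 0 ;;      # Chrome browsing history DB
    *"/Library/Application Support/Firefox/Profiles/"*"/places.sqlite"*) return 0 ;;  # Firefox history/bookmarks DB
    /Users/*/Documents/*|/Users/*/Desktop/*) return 0 ;;                          # user documents
    *) return 1 ;;
  esac
}

# Read tab-separated records on stdin and print only the sensitive accesses,
# one per line as "<time> <process.pid> <op> -> <path>".
flag_sensitive_accesses() {
  while IFS="$TAB" read -r ts op path proc; do
    [ -n "$path" ] || continue
    if is_sensitive_path "$path"; then
      printf '%s %s %s -> %s\n' "$ts" "$proc" "$op" "$path"
    fi
  done
}

# Same input; print just the number of sensitive accesses (0 when none).
count_sensitive_accesses() {
  flag_sensitive_accesses | awk 'END { print NR }'
}

# Constructed sample records (hypothetical process "emuhelper", not any real app).
SAMPLE_LOG="$(printf '%s\n' \
  "10:02:01.100${TAB}open${TAB}/Applications/ExampleEmulator.app/Contents/Resources/skin.png${TAB}emuhelper.4300" \
  "10:02:01.220${TAB}open${TAB}/Users/me/Library/Application Support/Google/Chrome/Default/History${TAB}emuhelper.4300" \
  "10:02:01.310${TAB}open${TAB}/Users/me/Library/Keychains/login.keychain-db${TAB}emuhelper.4300" \
  "10:02:01.450${TAB}stat64${TAB}/Users/me/Documents/taxes-2023.pdf${TAB}emuhelper.4300" \
  "10:02:01.480${TAB}open${TAB}/Users/me/Library/Application Support/Firefox/Profiles/abcd1234.default-release/places.sqlite${TAB}emuhelper.4300" \
  "10:02:01.500${TAB}open${TAB}/private/tmp/emu.log${TAB}emuhelper.4300")"

# Stand-alone demo over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | flag_sensitive_accesses
echo "sensitive accesses: $(printf '%s\n' "$SAMPLE_LOG" | count_sensitive_accesses)"
```

On a Mac the live equivalent of the sample is `sudo fs_usage -w -f filesys <pid>`, which traces file-system calls of one process as they happen; what the filter adds is the mapping from raw paths to "this touched my keychain / browser history / documents". The same path list is also a reasonable checklist for reviewing a helper after the fact: a privileged helper installed with the admin password lands in /Library/PrivilegedHelperTools with a matching launchd plist in /Library/LaunchDaemons, so listing those two directories before and after an install shows exactly what was added.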