Apple macOS Mojave 10.14.0 updates Apple's user-centric security model for inter-app data sharing. Any macOS device administrator who wants to ease their users' transition to Mojave's new user consent for data access behavior must pay close attention to the new Privacy Preferences Policy Control payload.
What Is User Consent for Data Access?
A sandboxed application must request the user’s permission to access data from another application or protected system resource. Your users are most likely familiar with this implementation for user consent from iOS, wherein an app requests location data or some other type of access.
Within macOS, much of the functionality for user consent for data access was driven from the Privacy tab within the Security & Privacy preference pane.
Apple introduced the ability for MDM vendors to configure user consent for data access permissions on behalf of a user on a user-approved MDM enrolled device.
There are now a number of new capabilities for managing user consent for data access in macOS Mojave’s Privacy Preferences Policy Control payload.
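As an added illustration (not code from Apple or VMware), the Python sketch below builds a small configuration profile containing a Privacy Preferences Policy Control payload and lints it before deployment. The key names are Apple's documented payload keys; the bundle ID, code requirement, payload identifiers and UUIDs are constructed placeholders, and the review rules are an assumption about what an administrator would want checked.

```python
import plistlib

PPPC_TYPE = "com.apple.TCC.configuration-profile-policy"
REQUIRED = ("Identifier", "IdentifierType", "CodeRequirement", "Allowed")
AE_REQUIRED = ("AEReceiverIdentifier", "AEReceiverIdentifierType",
               "AEReceiverCodeRequirement")
BROAD = {"SystemPolicyAllFiles", "SystemPolicySysAdminFiles", "Accessibility"}

def lint_pppc(profile_bytes):
    """Return review findings for every PPPC payload in a configuration profile."""
    findings = []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != PPPC_TYPE:
            continue
        for service, entries in sorted(payload.get("Services", {}).items()):
            for i, entry in enumerate(entries):
                where = f"{service}[{i}]"
                # AppleEvents grants also have to pin the receiving app.
                needed = REQUIRED + (AE_REQUIRED if service == "AppleEvents" else ())
                findings += [f"{where}: missing {k}" for k in needed if k not in entry]
                if entry.get("IdentifierType", "bundleID") not in ("bundleID", "path"):
                    findings.append(f"{where}: IdentifierType must be bundleID or path")
                if entry.get("Allowed") is True and service in BROAD:
                    findings.append(f"{where}: pre-approves broad service, confirm scope")
    return findings

# Constructed sample profile. The bundle ID and code requirement are placeholders,
# not the real values for any vendor's agent.
AGENT = {"Identifier": "com.example.mdm-agent", "IdentifierType": "bundleID",
         "CodeRequirement": 'identifier "com.example.mdm-agent" and anchor apple generic',
         "Allowed": True}
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration", "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.pppc",
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadContent": [{
        "PayloadType": PPPC_TYPE, "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.pppc.tcc",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "Services": {
            "SystemPolicyAllFiles": [AGENT],
            # Receiver's code requirement left out on purpose to show a finding.
            "AppleEvents": [dict(AGENT, AEReceiverIdentifier="com.apple.systemevents",
                                 AEReceiverIdentifierType="bundleID")],
        },
    }],
})

if __name__ == "__main__":
    for finding in lint_pppc(SAMPLE_PROFILE):
        print(finding)
```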
How Does User Consent for Data Access Affect VMware Workspace ONE UEM?
As you might expect, these changes will impact almost every macOS app developer, and device management vendors in particular. For Workspace ONE UEM, the impact of this new behavior is twofold:
- New macOS Profile Payload – To simplify administration of privacy settings, the console will provide a Privacy Preferences Policy Control payload for macOS Mojave devices.
- Additional User Prompts – User consent for data access prompts the user to allow access for the VMware AirWatch Agent (Workspace ONE UEM Agent) for macOS.
For more information, see Apple macOS Mojave User Consent for Data Access Changes, and VMware Workspace ONE UEM.