Unable to add an app to System Preferences / Security & Privacy / Files and Folders

1 - Suggest restarting in Safe Mode. This will perform a Disk Repair, clear cache files and only load Apple Software, extensions and fonts. The boot up will be slow and can take some time -Normal.

2 - Does the issue present in this mode ?

3 - If not - there could be something in the main User Account playing up. To further isolate this - Set up users, guests, and groups on Mac. Then log out of the Main User account and log into the dummy account and test again if the issue persists.

4 - If the issue is present in the dummy account - then this appears to be a System Wide issue.

5 - Suggest downloading the Application Etrecheck directly from a well Respected ASC Contributor. And Safe to use.

The application is free or paid from added features. 

Run the application with Full Disc Access ( Security & Privacy - Full Disc Access ).

It will take a Snap Shot -  both the hardware and software.

 The Report will Not Reveal Any Personal Information. 

Post back the Full Report - copy and paste - using the Additional Text Icon ( 3rd Icon to last )

We can have a look at the report for possible issues and may have possible suggestions to resolve the issues.

Any Third Party Applications that will interfere with the normal operation of the OS, alter, modify, remove or delete or attempt to do so is an invitation for disaster and may require a Reinstallation of the OS.

This includes AntiVirus, Disk Cleaners, Disk Optimizes, UnInstaller etc.

The + and - buttons do not work in the Files and Folders pane. You need to add the file to the "Full Disk Access" pane and it will be listed in the Files and Folders pane if it needs to be.

jjkraw wrote:

Is there a different procedure to add an app now? Or is this just a bug? Something else?

FWIW, what you are seeing is normal in Monterey. You would have to add the app to Full Disk Access.

Old Toad wrote:

The + and - buttons do not work in the Files and Folders pane. You need to add the file to the "Full Disk Access" pane and it will be listed in the Files and Folders pane if it needs to be.

Certainly seems counter intuitive and less secure than just allowing access to a particular folder. Do you have any idea why macOS does this?

I know if I run an app from the Downloads folder, that I will be prompted by macOS to allow the app access to the "Downloads" folder, but I'm never prompted to allow the app "Full Disk Access". So somehow, it appears possible to just have the "Files & folders" permission, although I have to admit that I never checked to see if the app also had "Full Disk Access".

For me the VLC player, and others, appears under Files and Folder but not under Full Disk Access. I have 13 headings listed for Full Disk access and 20 listed for Files and folders

For Files & Folders, the App must request access from the user. This is accomplished using "Entitlements" set when compiled.

Full Disk Access was the original method when Apple started down this path of user data privacy. That is the only way you can add an app that wasn't designed to ask for access.

Interestingly, I have VLC installed and it isn't in either list, but I can open files from anywhere. Perhaps it is only when the app seeks to access user data on its own, not via the Open File Dialog.

HWTech wrote:

Certainly seems counter intuitive and less secure than just allowing access to a particular folder. Do you have any idea why macOS does this?

I have no idea. Went back thru my Files and Folder pane and see apps there that I had not consciously added to either pane. Barney-15E may have the answer.

Barney-15E wrote:

For Files & Folders, the App must request access from the user. This is accomplished using "Entitlements" set when compiled.

Entitlements are only required for accessing certain protected information like Photos or Contacts or restricted Apple services or APIs like maps. Any app can try to access protected folders. If the user grants authorization, then the app will be added to the authorized list for the requested folder. Apps do not have to be designed for this.

Full Disk Access was the original method when Apple started down this path of user data privacy. That is the only way you can add an app that wasn't designed to ask for access.

Full Disk Access is a higher level of access than items like removable folders, downloads, documents, and the desktop. All of those different locations could have personal information, but this is not guaranteed. If they did have any personal information, it would be in the form of user-created content. On one had, it could be very personal, but on the other hand, it could be in some random document. Or it might not exist at all.

Full Disk Access is designed for system folders like the "Library" folder. These locations are full of all kinds of personal information. Furthermore, the information is stored in machine-readable format. So if you were a hacker and knew what data you wanted, you could just go and get it. But if you wanted the same information in the Desktop or Downloads folders, you would first have to be really lucky and hope some interesting information actually exists. Then, you would have to download all of those documents and read through them, one-by-one, looking for something.

Full Disk Access is the only way to pre-authorize an app for access to protected folders. Otherwise, you just have to wait for an app to ask. In the case of the OP, using something poorly designed like emacs, one has to open up a huge security hole allowing any ruby script full access to the computer.

A far better choice would be any one of high-quality text editors designed for the Mac.

Interestingly, I have VLC installed and it isn't in either list, but I can open files from anywhere. Perhaps it is only when the app seeks to access user data on its own, not via the Open File Dialog.

There is a concept known as "user intent". The standard file open dialog is part of the operating system, not part of an app. If an app tries to open a file using a standard file open dialog, it will have more-or-less full access because that is a user's intent and Apple honours that. This is why these parts of the operating system can't be scripted. It is only when an app is trying to do something behind the user's back that you'll get these restrictions and/or dialogs. This includes any shell script or Terminal access. There is no way to differentiate between a malicious script and a user typing at the terminal, so all such access is considered high-risk.

For me the VLC player, and others, appears under Files and Folder but not under Full Disk Access. I have 13 headings listed for Full Disk access and 20 listed for Files and folders