Security and Privacy: Why is System Preferences access needed?

Is Hookmark secure? Please elaborate on why System Preferences access is required. Having access (in Security & Privacy → Automation) enabled all of the time makes me feel uneasy. Do user-supplied scripts have the same access? Can a rogue script perform unexpected, perhaps destructive, changes to my system?

Also, I have Full Disk Access to Hookmark disabled, as I understand that it is not required.

Thank you.

Hookmark needs to control an app if and only if you want Hookmark to interact with said app. More precisely: in order to get the title of the current document or object and its URL. Hookmark also supports Hook to New for some apps, which may require automation.

When you select a file in Finder, for instance, and invoke Hookmark, Hookmark communicates with Finder and says the automation equivalent of “hey, man, what’s the path of the current file?”.

Hookmark trial and Pro users can inspect almost every integration script that Hookmark provides by looking at Hookmark > Preferences > Scripts tab:

they’re open for the user community to inspect and users can comment here or elsewhere on our integration scripts. If you have a Hookmark Pro license you can edit those scripts too.

then don’t use Hookmark.

You need to grant access for each app with which you want to use Hookmark. You can revoke the access later.

If you pick up some random script on the Internet and install it, it’s at your own risk. Even here in principle a jerk can post a bad script, or tell a user to jump off a bridge. If you don’t know AppleScript, wait a bit to give the community a chance to vet it. Our forum has been around since Jan 2019 and no one has posted a BS script here yet, but that doesn’t mean someone won’t do it 5 minutes from now.

Same goes for the forums of any Mac app that has an API ( AppleScript or whatever).

1 Like

Thanks for the information. BTW, I didn’t intend to offend by my comment about using Hookmark making me feel uneasy. My apologies.

But, somehow, I expected your reply:

Your last statement regarding rogue/random scripts expands the perspective from Hookmark to any other app – like a web browser – or even just clicking a link on a search engine response. Even downloading purchased software from well-known companies has caused problems in the past for some customers, because the download was infected by malware.

Unfortunately, humanity seems to be more inclined to destroy than to create.

Thanks for being one of the creators!