macOS Monterey unannounced security misfeature

June 23 2022 by Jeff Johnson

macOS 12 Monterey doesn't support my 2014 MacBook Pro, so I bought a new MacBook Pro in April. For a long time afterward I thought there was a bug in Keychain Access app that causes it to randomly launch in the background, behind the active app. I keep Keychain Access in my Dock and launch it from there, typically to copy a password and paste it into a form. (How many times must I enter my Apple ID??) I finally realized yesterday that this coincidence was the cause! Whenever the keyboard focus is in a secure text field, Monterey launches apps in the background. All apps, not just Keychain Access app.

Below is an example to illustrate. On Monterey, put the focus in the Password field and then launch an app from the Dock or from Spotlight. (Make sure the app isn't already running, otherwise it will be brought forward.)

This behavior happens in every web browser, e.g., Safari, Google Chrome, and Firefox. It happens in the Music and TV apps with the "Sign In to iTunes Store" dialog. It happens in Keychain Access itself, if you create a New Password Item and put the focus in the Password field. Oddly, it doesn't happen if the focus is in the Notes field of a New Secure Note Item. Also oddly, it doesn't happen in App Store app if the focus is in the Password field of the "Sign In to App Store" dialog. I'm not sure what causes these few exceptions.

I searched the web for documentation of this behavior and didn't find much — nothing from Apple, sadly — but there was an interesting Stack Overflow question: "On Monterey, while NSSecureTextField has focus, Hammerspoon can no longer bring another app into foreground". (Apparently Hammerspoon is a macOS automation tool. I'm not familiar with it.)

In retrospect, it turns out that I had encountered this behavior before in a slightly different situation. Shortly after I updated to Monterey, I noticed that apps kept launching in the background if Terminal app was in the foreground. After much debugging, I isolated the problem to the "Secure Keyboard Entry" setting in Terminal's main menu. I filed Feedback with Apple (FB9986784), and Apple engineering wrote a response:

This is intentional; since we can't know the user's reason for wanting secure text, we won't allow another application to pull itself forward without the user's explicit permission, because a launched application could accidentally get sent keystrokes that the user expected to go into Terminal.

Apple set my Feedback resolution to "Works as currently designed".

Although Apple considers this behavior to be a feature rather than a bug, I personally consider it to be a bug rather than a feature. The intention may have been good, but the implementation is bad.

  1. Why isn't clicking an app in the Dock considered explicit permission to bring the app forward?
  2. Apps that are already running are brought forward when I click them in the Dock, so why the difference?
  3. Backgrounding the app is annoying and inconvenient, because I'm launching the app in order to use it immediately.
  4. There's no way that I'm aware of to disable this security theater.
  5. There's no alert, notification, or visual indication to the user that macOS is intentionally backgrounding the app. Indeed you might not even see the background app at all if the frontmost app's window covers the screen. (This is even worse if you have "Show indicators for open applications" disabled in Dock System Preferences.)
  6. It's a bug because I thought it was a bug! I've been using a Mac for 20 years, and I was utterly confused for months about this "feature", until I finally figured it out on my own. User confusion — expert user confusion, if I do say so myself — is a bug.

Is there a way to rescue this as a security feature without removing it? Yes, I think so.

  1. Apple should document the feature in its support pages.
  2. Clicking an app in the Dock or selecting an app in Spotlight should be considered explicit user permission, which would allow the app to be brought forward.
  3. If an app launches without explicit user permission, and the system puts the app in the background, then there should be a visual indicator to tell the user why this happened. The visual indicator might even reassure users that the system is protecting them! Currently, most users have no idea that this feature even exists.
  4. The odd exceptions to the feature should be removed.
  5. There should be a preference to disable the automatic backgrounding. I'm fine if it's a hidden defaults command rather than exposed in System Preferences (or System Settings, sigh), but there needs to be a way to opt out of Apple's security paternalism.

By the way, I highly recommend Little Snitch to protect your privacy and security. I'd take Little Snitch over almost any security "feature" made by Apple nowadays.
