Maybe apple allows his own softwares
Indeed, I believe that's what's going on. Safari has some special entitlements, you can see them if you run the following command in Terminal: codesign -dv --entitlements - /System/Volumes/Preboot/Cryptexes/App/System/Applications/Safari.app
.
The special entitlement that allows this kind of behaivor is com.apple.private.tcc.allow
:
[Key] com.apple.private.tcc.allow
[Value]
[Array]
[String] kTCCServiceAddressBook
[String] kTCCServiceCamera
[String] kTCCServiceListenEvent
[String] kTCCServiceMicrophone
[String] kTCCServiceScreenCapture
[String] kTCCServiceSystemPolicyDownloadsFolder
[String] kTCCServiceCalendar
[String] kTCCServiceSystemPolicyAppData
[String] kTCCServiceAppleEvents
I hope it is not the same behaviour for full disk access grant...
There is another simillar full disk access entitlement value, kTCCServiceSystemPolicyAllFiles
, but Safari doesn't have this.
but this is not good for security...
While these Apple apps have these entitlements, other apps cannot obtain them without explicit permission from Apple. They need to be signed by Apple in order to receive these entitlements.
So, generally speaking, there is no way for them to access these permissions without prompting the user, unless they exploit some sort of vulnerability. If you find such a vulnerability, you should report it to the Apple Security Research website.