Hi,
I'm the developer of Mail Signature (MAS, bundle ID: de.metaflash.mail-signature), a Mac app that uses iCloud Drive to sync email signatures.
On macOS Tahoe, when a user denies the iCloud access permission dialog on first launch, there is absolutely no way to reverse that decision through System Settings.
Regression from Sequoia: On Sequoia, after denying iCloud access, the app correctly appears under System Settings → Privacy & Security → Files and Folders where the user can toggle access back on.
On Tahoe, the app does not appear anywhere in Privacy & Security after denial – not under Files and Folders, not under Apple ID → iCloud, nowhere.
Technical details:
- Affected TCC services: kTCCServiceUbiquity + kTCCServiceLiverpool
- tccutil reset Ubiquity <bundleId> alone is insufficient
- Only tccutil reset All <bundleId> triggers the dialog again
- This suggests both services need to be reset simultaneously
Impact: Normal users are permanently locked out with zero recovery path. The only workaround is Terminal: tccutil reset All de.metaflash.mail-signature ...which is completely inaccessible to average consumers.
As a MAS developer we have no way to help users programmatically:
- exec/child_process → sandbox blocked
- NSUserUnixTask → designed for user-supplied scripts only, not reliable here
- Apple Events to Terminal → blocked or App Review risk
Feedback submitted: FB22746525
Is anyone else seeing this? Would appreciate dups on the Feedback report. Any workaround suggestions from DTS welcome.