~/Library/Safari
directory, and then posts the data to a remote server. The files stored in that directory include lists of bookmarks, browser history, downloads, and other data related to browsing sessions. If another app were targeted, the bypass would provide access to other app-specific files.~/Library/Application Support/com.apple.TCC/TCC.db
– rely on the app's bundle identifier instead of the file path. So an app with a copy of that identifier in another location gets treated as the original, authorized app. The other is that TCC's code signature check is not very thorough and doesn't spot modified resources, because running a deep check of an app and its resource files can take a long time.