Malware has no trouble hiding and bypassing macOS user warnings

6 years ago
Anonymous $oIHRkISgaL

https://arstechnica.com/information-technology/2018/08/macos-user-warnings-are-trivial-for-malware-to-suppress-and-bypass/

Apple works hard to make its software secure. Beyond primary protections that prevent malware infections in the first place, company engineers also build a variety of defense-in-depth measures that are designed to lessen the damage that can happen once a Mac is compromised. Now, a former National Security Agency hacker and macOS security expert has exposed a major shortcoming in one such measure.

The measure presents a confirmation window that requires users to click an OK button before an installed app can access geolocation, contacts, or calendar information stored on the Mac. Apple engineers added the requirement to act as a secondary safeguard. Even if a machine was infected by malware, the thinking went, the malicious app wouldn’t be able to copy this sensitive data without the owner’s explicit permission.