Thanks Quinn, Sorry, yes, my sloppy terminology of "The Finder" which I often use for unattached dialogs the user sees. I did not know this about the Full Disk Access being different so my experiments with plists for the priviledge helper need to be redone. One of the operations my helper is doing that needs Full Disk Access is downloading a pkg and checking it is signed. None of the normal security api's appear to work with pkg's, maybe I missed something there, I can check apps and so forth on disk. So I end up running /usr/sbin/pkgutil --check-signature instead as I could not figure out how pkgutil is implemented. Did I miss something in the security api, should I be able to look at a pkg's validity?

I don’t really understand this. If your helper is downloading the file, it should put it in a place that doesn’t require Full Disk Access. placing it somewhere else is easy, the running of pkgutil appears to require it though. If the check passes I'm then also going to want to run /usr/sbin/installer on it, I think that too requires Full Disk Access. The application is trying to make things easier for the user, telling them to go to the privacy pref is a non-starter. I actually think I have to scrap the whole approach. I just don't see how to do it though. I need the app to look at what is currently installed, talk to a couple of different servers, present a UI to allow some customization, download the desired installers and then run them.