Can apps read files from my vault while it's unlocked? Any simple workarounds?

Hi, new user here. App is very straightforward and I love what the team is doing.

I was curious, are the contents of my vault readable from 3rd party apps while it is unlocked? I imagine this would be the case.

If so, are there any tips for a macOS user to help mitigate this risk? I have 3rd party apps installed from outside the App Store and I want to make sure they can’t access my decrypted files while I’m viewing them.

Thanks in advance for any help!

If it’s like the Windows desktop app, when the vault is unlocked, then it is accessible to any app (at least any app that has the priveleges of the current user).

The Cryptomator team has said the purpose of the program is to provide security for the encrypted data on the cloud, they say there is nothing they can do about malware/spyware on our desktop devices (it should be our first priority to keep our device secure).

I say at least minimize the duration that critical vaults are unlocked. You can do that in part by separating your stuff into multiple vaults and only open the vault containing the thing you need to access. Also security through obscurity, I name my files in a way that doesn’t reveal what they are and in my notes I sometimes use codewords as if someone is looking over my shoulder. Perhaps that’s a little bit paranoid, but those are about the only additional options I see beyond of course doing your best to keep malware/spyware off of your device.