After a few months of research, the creator of fastlane, Felix Krause, published an article on his blog talking about how any Mac application can record the user's screen without him knowing.
According to Krause, any application for macOS, whether outside or inside the sandbox from Apple, can capture the screen silently without the user knowing in addition to accessing all pixels of the screen (even with the application in the background) and connected monitors.
The risk is not only in ?watching? you, pure and simple; Krause listed some of the worst things that can come out of it, like, for example, the app using simple OCR software to ?read? your passwords (even if they are in password managers), knowing what services you use (email provider, etc.), accessing source codes, API keys, personal data such as address and bank details, and other sensitive information.
And how does it actually work? Developers use only the code CGWindowListCreateImage to generate a full screen capture.
Krause commented on some measures that may work against this type of problem: the Mac App Store review process could verify the rights of the sandbox to access the screen; the user could be notified through a dialog box, so that he can choose whether or not to allow access, in addition to always being notified when the screen is being recorded.
For now, there is no solution for this but Apple has already been notified of the problem.