Hm… I struggle to picture what you’re trying to achieve…

If you are “making an app” as in coding one, you can just have it say ask for a pin in a window as part of starting up.

You suggest various encryption related solutions… what is your threat model? Do you want to make the identity of the app unknown to others? Normally, autkenticating users is the responsibility of the os/desktop environment, and it would be non-ideomatic for an application to bundle its own auth, except for apps such as a password manager.

If you want to make an existing system app privileged/secret in some way then that sounds awkward indeed. Normally you’d definitely be using user management facilities (e.g. dedicated users and sudo config) to achieve such a thing.

If you really do want to make the app “secret” in some sense you could achieve the same thing as with your mac using a combination of loopback block devices (see man losetup) with an encrypted luks volume inside… but depending on the app you might end up in dependency hell if it’s not statically linked.

ymmv 🙂

Wanna know what will save the children? Mandating that every OS grants its users the same levels of freedom and control that a FOSS one does.

That level of user enablement should be argued as constituting a higher standard of parental control than anything else on the market.