Mac apps often request some kind of “permissions” during their installation. Since Apple expanded macOS Mojave’s Security and Privacy permissions, requests have only increased. What does this mean when an app wants “Accessibility permission?” Should you grant apps these permissions?
This permission is the most commonly requested, so our description starts here.
Accessibility permissions give apps extremely broad access to your Mac. Apps with this permission can access the entire system and control other apps. It’s like Full Disk Access plus Automation.
This was created for apps that help people with disabilities. Soon, other apps started asking for the same access. Some developers treat it as a blanket permission. It means the app will always have the access it needs. The app might not even need broad access, but developers request it to keep macOS from obstructing their app.
Malware could exploit this access to log activity or inject attacks. That’s why Accessibility permissions require a special feature. The user must turn on an app’s Accessibility access manually in System Preferences.
Here are some examples of what apps do with their access:
- TextExpander inserts text, images, and other content into any document.
- Alfred allows clipboard monitoring, snippet expansion, and simulating key events.
- BetterSnapTool moves and resizes application windows and reads window data.
- Dropbox updates the Finder UI with badges and progress icons.
This allows apps to request your current location. Because your Mac lacks a GPS chip, it accesses a database of Wi-Fi router locations. With this, Location Services grabs your location. Your IP address can also help estimate your location.
Camera and Microphone
These permissions are nearly the same. As the name says, they allow access to the FaceTime camera and microphone. System permissions, which also control file access, handle it. This prevents the application from accessing these resources unless explicitly permitted.
Permits the application to access the Photos database. This is different than accessing the camera. It’s also not as broad as accessing all the photo files on your Mac. It only permits access to the Photos.app database. If you have photos stored outside the Photos.app database, the app will not get permission to access them with this setting.
Calendar, Reminders, and Contacts
Like Camera and Microphone, these permissions provide the same control mechanisms over different areas of your Mac.
- Contacts permission includes any contact information stored in Contacts.app. Typically, messaging and email apps use this to access your contacts to send messages or identify senders.
- Reminders allows access to the content of the Reminders app. This is used by ToDo apps and task managers to integrate with Apple’s default system.
- Calendar permits access to the content of events in Calendar.app. Schedule apps use this to view and edit calendar events.
Pro Tip: The effect of these can be affected by selecting which accounts are able to share calendar, contact, and message data in “System Preferences -> Accounts.” If the data isn’t on your Mac, it can’t be shared with an application.
This allows apps to control other apps. Normally, macOS “sandboxes” applications. This limits what the apps can touch. By default, apps can only access their own data. Automation lowers the sandbox walls slightly, permitting an app to change how other apps work. Automation permissions grant access to specific apps, not every app.
Full Disk Access
This permission allows apps to read, write, and modify files anywhere on your disk. Essentially, this permission provides arbitrary access to files throughout the system. It includes data in Mail, Messages, Time Machine backups, Home, and certain admin settings for all users on the Mac. This access is also included in the Accessibility permissions, so few apps request it.
Controls how much data an application sends “home” to its developers. This can include metadata, as well as your Mac’s hardware and software configuration, your location, and iCloud data. The permissions allow you to decide who can get the data.
Advertising, on the other hand, explicitly handles advertisements. There’s really just one setting here, which is “Limit Ad Tracking.” With this on, you opt out of targeted ads from Apple. As usual, you don’t get fewer ads, just generic ads.
Permissions allow you to control what happens on your Mac. By requiring a user okay before accessing sensitive data, macOS works with you to keep access limited. Carefully consider what you’re giving up before giving an application permissions on your Mac. You should only allow it with trusted apps.