Mac Privacy Permissions Explained: Camera, Mic, Screen Recording, and More

Your Mac tracks every app that has permission to use your camera, microphone, screen recording, files, contacts, location, and more. All of these are stored in a system called TCC, which stands for Transparency, Consent, and Control. If you want to check mac privacy permissions, you need to understand what TCC tracks, where it stores that data, and how to audit everything without clicking through a dozen separate menus.

Here is what every permission category does, how to check them, and which ones actually matter.

Every Privacy Permission macOS Tracks

macOS organizes privacy permissions into distinct categories. Each one controls a different type of access. Here is the full list:

Camera -- Apps with this permission can activate your webcam at any time while running. macOS shows an indicator light when the camera is active, but the app does not need to ask again after the initial grant.

Microphone -- Same as camera, but for audio input. An orange dot appears in the menu bar when an app is using the microphone, but the app has standing permission to listen whenever it wants.

Screen Recording -- Apps with this permission can capture the contents of your screen, including other app windows. This is one of the most powerful permissions because it can expose everything visible on your display.

Full Disk Access -- Grants an app the ability to read files across your entire system, including Mail, Messages, Safari data, Time Machine backups, and certain admin areas. This is the broadest file access permission macOS offers.

Accessibility -- Allows an app to control your computer through the accessibility API. This means the app can simulate clicks, read window contents, and interact with other apps on your behalf. Password managers and automation tools legitimately need this, but malware abuses it heavily.

Input Monitoring -- Lets an app monitor keyboard and mouse input globally, even when the app is not in the foreground. This is essentially keylogger-level access, granted through a system permission.

Files and Folders -- More granular than Full Disk Access. Apps can request access to specific folders like Desktop, Documents, Downloads, or removable volumes. Each folder is a separate permission grant.

Contacts -- Read access to your address book.

Calendars -- Read and write access to your calendar events.

Photos -- Access to your Photos library.

Location Services -- Allows an app to determine your geographic location. Some apps request this in the background, meaning they can track your location even when you are not actively using them.

Automation -- Controls whether one app can send Apple Events to another app. For example, a script that controls Safari or Finder needs Automation permission for each target app.

Developer Tools -- Allows apps to run software that does not meet system security policies. Mostly relevant for developer workflows.

That is over a dozen separate permission categories, each with its own list of allowed apps.

How to Check Mac Privacy Permissions Manually

The manual process is straightforward, just repetitive:

1. Open System Settings (click the Apple menu in the top left, then System Settings).
2. Click Privacy & Security in the sidebar.
3. You will see the full list of permission categories on the right.
4. Click into each category one at a time to see which apps have been granted access.

Each category shows a list of apps with toggle switches. A blue toggle means the app currently has permission. A gray toggle means permission was previously granted but is now revoked.

Some things to know about this process:

• You need to check each category individually. There is no "show me everything" view built into macOS.
• Some categories only appear after an app has requested that permission for the first time. If you do not see Input Monitoring, it means no app has asked for it yet.
• Certain permissions like Full Disk Access and Accessibility require you to click the lock icon and authenticate before you can make changes.
• Changes take effect immediately for most categories, but some (like Full Disk Access) require you to restart the app.

For a deeper look at which apps are recording you, see our guide on how to check if apps are recording you.

The Permissions That Matter Most

Not all permissions are equally dangerous. If an app has access to your Contacts, that is a privacy concern. If an app has Screen Recording and Input Monitoring, that is a surveillance concern. Here are the six permissions that deserve the most scrutiny:

Screen Recording is the single most powerful privacy permission on macOS. An app with screen recording access can capture everything on your display: passwords as you type them into websites, private messages, financial data, documents. If you see an app in this list that you do not actively use for screen capture or remote meetings, revoke it immediately.

Input Monitoring is the closest thing to a legitimate keylogger that macOS allows. Apps with this permission can read every keystroke, including passwords and private messages. Very few apps have a legitimate reason for this. Keyboard customization tools and some accessibility software need it. Most other apps do not.

Full Disk Access gives an app the keys to your entire file system. It can read your email database, your Messages history, your Safari browsing data, and your Time Machine backups. Backup software and security tools legitimately need this. A random utility app does not.

Accessibility access lets an app control your computer programmatically. It can click buttons, read window contents, and interact with other apps. Malware that gains Accessibility permission can effectively take over your machine while appearing to run in the background.

Camera and Microphone are the ones most people think about first. They are important, but they are also the most visible. macOS shows indicator lights and dots when these are in use. The permissions listed above can operate silently.

For more on which apps have camera access and why it matters, we have a dedicated breakdown.

How Apps Get Permissions Without You Noticing

macOS is designed to require explicit consent for each permission. But in practice, several patterns lead to permissions being granted without much thought.

The installation flow prompt storm. When you first install and launch an app, it may trigger three or four permission dialogs in rapid succession. Camera, microphone, accessibility, screen recording. Most people click Allow on all of them just to get the app working. The prompts are designed to be individually clear, but in a burst, they become noise.

Inherited permissions from app bundles. Some apps include helper tools or background agents that inherit or request their own permissions. When you grant Full Disk Access to a backup app, its background daemon may also gain elevated access. You granted permission once, but two processes now have it.

Permissions that persist across updates. When you update an app, its existing permissions carry forward. This is usually what you want. But it means that an app you granted Screen Recording access to two years ago still has it, even if the app has changed ownership, changed its data practices, or added telemetry you did not agree to.

Pre-installed software. Apple's own apps come with certain permissions pre-granted. FaceTime has camera and microphone access by default. This is expected, but it means your permission lists are never starting from zero.

MDM and enterprise profiles. If your Mac is managed by an organization, your IT department can silently grant permissions to apps through configuration profiles. You may not see a prompt at all.

How to Audit All Permissions at Once

The manual approach works, but checking twelve or more categories one at a time is tedious. Most people check Camera and Microphone, maybe Screen Recording, and skip the rest.

Under the hood, macOS stores all of these permission grants in a SQLite database called TCC.db, located at ~/Library/Application Support/com.apple.TCC/TCC.db. This is the single source of truth for every privacy permission on your account. There is also a system-level TCC.db at /Library/Application Support/com.apple.TCC/TCC.db that stores permissions for system-wide services.

You cannot easily read this database yourself. It is protected by SIP (System Integrity Protection), and reading another user's TCC.db requires Full Disk Access. Apple does not provide a built-in tool to dump all permissions in one view.

CoreLock reads the TCC database directly and presents every permission category in a single dashboard. Instead of clicking through each System Settings panel individually, you see which apps have camera, microphone, screen recording, full disk access, accessibility, and input monitoring permissions all in one place. It flags apps with combinations of permissions that look unusual, like a note-taking app with both screen recording and input monitoring access.

What to Revoke (and What to Keep)

Here is a practical framework for deciding what to revoke.

Revoke camera and microphone from apps that do not need them. If Chrome has camera access but you never make video calls in Chrome, revoke it. You can always re-grant it later when macOS prompts you. The same applies to apps like Slack or Discord if you only use them for text chat. See our guide on mac security settings you should change for more recommendations.

Revoke screen recording from anything that is not a screen capture or video conferencing tool. There is almost no reason for a productivity app, a browser, or a social media client to have screen recording access.

Revoke input monitoring from everything except keyboard utilities. If you use a custom keyboard layout tool or an accessibility app that needs global input access, keep it. For everything else, revoke.

Be careful with Accessibility. Password managers like 1Password legitimately need Accessibility access to autofill credentials across apps. Screen readers need it for obvious reasons. Automation tools like Keyboard Maestro or Hammerspoon need it. But if you see an app in the Accessibility list that you do not recognize, investigate it before deciding.

Keep Full Disk Access for backup and security tools only. Time Machine, your backup software, and security scanners need Full Disk Access to do their jobs. A PDF editor does not.

Review Automation permissions periodically. Scripts and apps that control other apps through Apple Events can do surprising things. If you no longer use an automation workflow, revoke its Automation permission.

One general principle: when in doubt, revoke. macOS will prompt you again the next time the app tries to use that permission, so you are never permanently breaking anything by revoking access.

Bottom Line

macOS has a robust permission system, but it is only as good as the attention you give it. Most people grant permissions once and never look again. Permissions accumulate over months and years, and apps you stopped using two years ago may still have access to your camera, microphone, and keystrokes.

Check your permissions today. Open System Settings, go to Privacy & Security, and work through each category. Or use a tool like CoreLock to see everything in one view. Either way, do not let your permission lists run on autopilot. The five minutes it takes to audit them is worth it.