Input Monitoring (Input Monitoring) is a macOS privacy permission. Input Monitoring allows an app to monitor all keyboard and mouse input across your entire Mac, regardless of which app is in the foreground. This means the app can see every keystroke you type — including passwords, credit card numbers, and private messages. Common apps that request this permission include Karabiner-Elements, BetterTouchTool, Logi Options+, Elgato Stream Deck, Synergy. Risk level: danger. To check which apps have this permission, open System Settings, go to Privacy & Security, and select Input Monitoring. CoreLock scans for all apps with Input Monitoring access and flags any that also have network access — a red flag for potential keyloggers that capture and exfiltrate your keystrokes. It monitors for newly added Input Monitoring permissions and alerts you immediately.
Input Monitoring allows an app to monitor all keyboard and mouse input across your entire Mac, regardless of which app is in the foreground. This means the app can see every keystroke you type — including passwords, credit card numbers, and private messages.
Click the Apple menu and select System Settings.
Click Privacy & Security in the sidebar.
Click Input Monitoring. This shows apps that can see your keyboard and mouse input system-wide.
Only keyboard remapping tools, custom input devices, and accessibility tools legitimately need this. If you see an app that shouldn't need to read your keystrokes, remove it immediately.
Go to System Settings > Privacy & Security > Input Monitoring.
Toggle off the app or select it and click the minus (-) button to remove it completely.
Changes to Input Monitoring may require the app to be restarted, or in some cases a full system restart.
CoreLock scans for all apps with Input Monitoring access and flags any that also have network access — a red flag for potential keyloggers that capture and exfiltrate your keystrokes. It monitors for newly added Input Monitoring permissions and alerts you immediately.
Input Monitoring provides the technical capability that keyloggers use — the ability to read every keystroke. Legitimate apps use it for keyboard remapping or custom shortcuts. Malicious apps use the same capability to steal passwords and sensitive information. The permission itself isn't malicious, but it's the highest-risk permission for credential theft.
Yes, if you want to use custom button mappings or gestures. Peripheral management software like Logi Options+ and Razer Synapse need Input Monitoring to detect custom button presses and remap them. If you're using the default button functions, you can safely revoke it.
Check System Settings > Privacy & Security > Input Monitoring for any app you don't recognize. Also look in Accessibility — some keyloggers use that permission instead. CoreLock automatically flags suspicious apps with input-reading permissions and checks them against known threat databases.
CoreLock scans every app on your Mac and shows you exactly which permissions each one has. Find hidden access in under 60 seconds.
Download CoreLock FreeAvailable for macOS and Windows