It’s Time to Review All Your Mac App Permissions

If you install a lot of software on your Mac, you will meet many contextual windows asking you to grant the authorization of these applications to do certain things. It is easy to click them on them without thinking, so it is worth checking them from time to time. If you haven’t done it recently, it’s time.

What are the authorizations and how do they work?

Authorizations are used to give you control of what applications can and cannot do on your Mac. They are divided in more than 20 categories, linked to specific hardware features, including your camera or microphone, certain functions such as checking your location and access to applications such as contacts. If you do not allow authorizations, programs will not be able to do these things.

You will see permission requests most often after installing a new application and executing it for the first time.

Many authorizations are quite benign, but others are much more powerful and can have major implications for confidentiality and security. Some, for example, will allow an application to access each part of your SSD, including your settings and backups. Others allow applications to save your screen or follow your keyboard entrance.

Almost all the time, it will not be a problem. Most applications require authorizations for a good reason and will not be able to perform correctly (or at all) without them. As long as you download your software from a reputed place like the app store or the official website of an application in which you trust, it should be good.

But if you install applications from less reliable sources or if you install a lot of software that you don’t know much, you must be much closer. Some programs require authorizations, and it is not immediately obvious why they need it. And, let’s be honest, even the well-known applications of the main developers are not always beyond the reproach. Why should a note taking application record your location whenever you launch it, for example?

How to check and revoke authorizations in macOS

The best way to manage authorizations is to know them and make a judgment as applications require them. Refuse everything you are not satisfied with, and if that means that the application does not work, find a different application.

But there may be a lot of authorization requests, and it is too easy to allow them without thinking. So, from time to time, you should also check which you have already given, just to keep an eye on what your software is allowed to do.

To do this, go to system settings> Privacy & Security. Here you will see all categories of authorizations. Click on everyone to see which applications require authorization and what you have authorized.

If there are any, you don’t judge necessary, make them turn. Or, to be invited again next time, you can reset it by highlighting the application and clicking on the “-” button at the bottom.

It is worth checking all categories. I keep my authorizations closely fully exercised. It doesn’t matter how much I trust an application, if I don’t think it needs to use the microphone or access certain files, I don’t leave it.

But some are worth paying particular attention to:

• Location services: Allows an application to check your location, which is also indicated by an icon in the menu bar.
• Files and folders: Allows applications to access the office, downloads, documents and iCloud readers, as well as external readers.
• Full access to the disc: Allows an application to access your entire reader. Very few applications really need it.
• Accessibility: Allows applications to control your Mac. It is mainly intended for accessibility applications, but is often used by others.
• Camera: Allows applications to use the camera. For more security, an icon appears in the menu bar when used, as well as a green light on a MacBook.
• Developer tools: Allows certain programs to run even if they do not meet the macOS security requirements.
• Entrance monitoring: An accessibility feature that allows applications to see everything you type (including passwords and credit card numbers).
• Microphone: Allows applications to use the microphone. This also invites an icon in the menu bar when active.
• Remote office: Allows a program to access and control your Mac remotely.
• Screen audio recording and system: Allows a program to save both your screen and your audio, even if you use other applications.

There are legitimate uses for all these authorizations: a screenshot application must be able to save your screen, a video call application needs your camera and microphone, and a weather application must know your location. But they can also be mistreated and could become confidentiality and security problems.

Prevent applications from accessing the Internet

An authorization that programs do not need is to access the Internet. They can constantly call at home during the race, for any reason. The blocking gives you ultimate control. You can configure the free Lulu firewall application to prevent specific applications from being able to go online. Obviously, this will not work for tools that need an internet connection. But if you have downloaded a game or something that you are not completely sure, there is no harm to do it.

But in most cases, an audit of rapid authorizations every few months will be sufficient and is one of the easiest ways to keep your Mac both safe and private.