Over the last few releases of macOS, Apple has been beefing up the Mac’s privacy controls so they more closely resemble what the company has done in iOS. You’ve undoubtedly noticed that when you first launch a new app on your iPhone or iPad, it often prompts for access to your contacts or your photos, the camera or microphone, and so on. The idea behind those prompts is that you should always be aware of how a particular app can access your personal data or features of your device. You might not want to let some new game thumb through your photos or record your voice.
macOS has been heading in this direction too, with macOS 10.15 Mojave upping the stakes and 10.16 Catalina forcing apps to play this “Mother, May I?” game in even more ways. As a result, particularly after you first upgrade and whenever you install a new app, you may be bombarded with dialogs asking for various permissions. For instance, the Loom app that helps you make quick video recordings of your screen requires lots of permissions. Grant them and Loom won’t have to ask again.
Loom’s requests are entirely reasonable—it wouldn’t be able to do its job without such access. That applies more generally, too. In most cases, apps will ask for access for a good reason, and if you want the app to function properly, you should give it access.
However, be wary if a permission dialog appears and you don’t recognize the name of the app making the request or if you aren’t doing anything related to the request. Apple’s hope is that you’ll deny access to requests from malicious apps.
The problem in Catalina is that apps have to ask for permission for so many basic capabilities that users become overwhelmed by all the dialogs. A good app, like Loom, will walk the user through accepting them on its first launch, but even still, answering four or more requests can be confusing.
You might be tempted to deny access categorically. That’s fine from a privacy standpoint, but not when it comes to functionality—when you deny a permission request, you prevent that app from working as you anticipate. Fortunately, you can always grant (or revoke) permission later. And remember, once you’ve granted permission, you won’t have to do it again for that app—it’s a per-app request, not a per-session request.
To see which permissions you’ve granted or denied, open System Preferences > Security & Privacy > Privacy. A list of categories appears on the left; click one to see which apps have requested access. If you’ve granted access, the checkbox next to the app will be selected; otherwise it will be empty.
You’ll notice that the lock in the lower-left corner of the System Preferences window is closed. To make changes, click it and sign in as an administrator when prompted.
Most of these categories are self-explanatory, but it might not always be obvious why an app wants permission. In the screenshot above, for instance, Slack has been granted access to the Mac’s camera. Why? So its video call feature can work.
Annoyingly, giving access often requires that you quit the app in question before the permission takes effect. That’s awkward on the first launch of a new app, since you launch it, respond to a bunch of dialogs, and then have to quit and relaunch before you can use it.
There are some categories (including some not showing above) that could use additional explanation:
-
Accessibility: Apps that request accessibility access want to control your Mac. In essence, they want to be able to pretend to click the mouse, type on the keyboard, and generally act like a user. Utility and automation software often needs such access.
-
Full Disk Access: This category is a catch-all for access to areas on your drive that aren’t normally available to apps, such as data in Mail, Messages, Safari, Home, and more, including Time Machine backups and some admin settings. Backup and synchronization utilities need full disk access, in particular. An app can’t request full disk access in the normal way; you must add it manually by dragging its icon into the list or clicking the + button under the list and selecting the app in the Applications folder.
-
Automation: The Mac has long had a way for apps to communicate with and control one another: Apple events. An app could theoretically steal information from another via Apple events, so the Automation category lets you specify which apps can control which other apps. You’ll see normal permission requests, but they’ll explain both sides of the communication. (System Events is a behind-the-scenes macOS utility that helps with scripting and automation.)
So if you’ve been seeing repeated requests for permission in Mojave and especially in Catalina, now you know why these dialogs keep popping up. They’re a bit irritating at first, but the added privacy is worthwhile, and once you’ve granted permission to an app, you shouldn’t hear from it again.
AI Usage Transparency Report
Pre-AI Era · Written before widespread use of generative AI tools
AI Signal Composition
Score: 0.05 · Low AI Influence
Summary
macOS has been increasing privacy controls, prompting apps to ask for permission before accessing personal data or device features.
Related Posts
Setting up Ollama on macOS
Recently, after some bad experiences with OpenAI's ChatGPT and CODEX, I decided to look into and learn more about running local AI models. On its face it was intimidating, but I had seen a lot of people in the MacAdmins community posting examples of macOS setups, which really helped lower the bar for me both in terms of approachability and just making me more aware of the local AI community that exists out there today.
AI Agent Constraints and Security
I really feel like in this era of AI it's essential to write about and share experiences for others who are leveraging AI, especially now that AI usage seems almost ubiquitous. Specifically, when it comes to AI in development and the rapid growth of AI-driven automations in the IT landscape, I believe there's a need for open discussion and exploration.
ABM Warranty 0.4.1
The 0.4.x release series for ABM Warranty is focused on operational scale. The earlier 0.3 releases were about trust, correctness, and stabilizing the foundation. Version 0.4.1 builds directly on that work by making the app more practical for consultants, internal IT teams, and managed service providers who need to support multiple environments without losing isolation, control, or visibility. This includes improvements to user interface and workflow, as well as enhanced reporting capabilities to help these users manage their workflows more efficiently.
Vibe Coding with Codex: From Fun to Frustration
So there I was, a typically day, a typical weekend. As a ChatGPT customer, I had heard good things about Codex and had not yet tried the platform. To date my experience with agentic coding was simply snippit based support with ChatGPT and Gemeni where I would ask questions, get explanations and support with squashing bugs in a few apps that I work on, for fun, on the side. There were a few core features in one of the apps I built that I wanted to try implementing but the...
The warranty dashboard Apple doesn’t provide… yet
Download ABM Warranty
Why Apple Fleet Risk Isn’t a Security Problem—Until It Is
Security and risk are often treated as interchangeable concepts in modern IT environments, but they are not the same discipline. Security focuses on controls, enforcement, and prevention. Risk management, by contrast, is concerned with likelihood, impact, and consequence across operational, financial, and organizational domains. Frameworks such as those published by NIST make this distinction explicit: risk assessment is not a technical exercise, but a business one. Technology informs risk decisions, but it does not define them.
ABM Warranty 0.3.1
The 0.3.x release series for ABM Warranty is about tightening guarantees. Where earlier releases focused on surfacing data and making long-running operations observable, 0.3.x focuses on ensuring that what you see is complete, consistent, and safe to trust—particularly as the app is used in larger, slower, and more varied environments. This shift in focus aims to provide a more reliable foundation for users who require higher levels of assurance from their warranty management system.
ABM Warranty 0.2.0
ABM Warranty 0.2.0 is a feature release focused on visibility, safety, and scale. This version does not change what ABM Warranty is meant to be, but it significantly improves how the app behaves under real-world conditions—large device counts, API throttling, long-running imports, and the kinds of failure modes Apple IT admins actually encounter. The improvements in this release are designed to make the app more reliable and efficient, allowing it to handle complex scenarios without breaking or becoming unresponsive.
Running a Beta Program: Lessons Learned
Shipping software in isolation is comforting. You control the inputs, the environment, and the narrative you tell yourself about how things work. The moment you invite other people in—especially people who don’t share your assumptions—you lose that comfort. You also gain something far more valuable. Running a public beta for ABM Warranty through Apple’s TestFlight program forced me to confront that tradeoff head-on, and it fundamentally changed how quickly and confidently the app matured.
The Day I Unmanaged a Mac Into a Corner
There are a few kinds of mistakes you make as a Mac admin. There are the ones that cost you time, the ones that cost you sleep, and then there are the ones that leave you staring at a perfectly good laptop thinking, “How did I possibly make this *less* manageable by touching it?” These mistakes often stem from a lack of understanding or experience with macOS, but they can also be the result of rushing through tasks or not taking the time to properly plan and test.
