How to Audit App Permissions on Your Mac

The way macOS handles permissions is reasonable in isolation — each time an app wants the camera, mic, or your contacts, you get a dialog and tap Allow or Don’t Allow. The problem is the long term. After three years of installing and uninstalling apps, accepting permission prompts during onboarding flows, and forgetting which app asked for what, you end up with a sprawl of permissions across dozens of apps, many of which you no longer use.

A proper permissions audit takes about 15 minutes and is worth doing once or twice a year. Here’s exactly how.

The single screen you need: Privacy & Security

System Settings → Privacy & Security. On Sonoma 14 and Sequoia 15, this is the central hub. The left side has categories. Each category lists the apps that have requested (and been granted or denied) access to that category.

The categories worth auditing:

1. Location Services — which apps know where your Mac is
2. Contacts — who can read your address book
3. Calendars — who can read and write events
4. Reminders — who can see your reminders
5. Photos — full library access vs limited selection
6. Camera — who can turn on the webcam
7. Microphone — who can listen
8. Speech Recognition — who can transcribe what you say
9. Accessibility — who can control your Mac (powerful permission)
10. Input Monitoring — who can read your keyboard input system-wide
11. Full Disk Access — who can read essentially anything on your drive
12. Files and Folders — granular folder-level access (Documents, Downloads, Desktop, etc.)
13. Screen & System Audio Recording — who can capture your screen
14. Automation — apps that can drive other apps via AppleScript
15. App Management — who can install, modify, or remove apps
16. Developer Tools — who can run unsigned tools

Some of these are minor. A few are dangerous if granted to the wrong app.

The high-stakes permissions

If you only have time to audit two categories, audit these:

• Full Disk Access — anything granted here can read your Mail, Messages, Time Machine backups, and home directory. This is a “trust this app completely” permission. Should be limited to your backup tool, your password manager, and maybe a screen recorder. That’s it.
• Accessibility — apps with this can control your Mac as if they were you. Can click, type, read screen content, automate anything. Should be limited to apps you’ve specifically granted for automation purposes (Rectangle for window management, BetterTouchTool, Karabiner Elements).

If you see apps you don’t recognise in either list, that’s worth investigating.

Walk through each category

For each Privacy & Security category, ask:

1. Do I recognise this app?
2. Have I used it in the last six months?
3. Does it actually need this permission to do its job?

If the answer to any is no, toggle the permission off. The app keeps working — it just doesn’t have that specific access. If you ever need it again, the app will prompt you on next launch.

Apps that are commonly over-permissioned

In our experience, these are the categories where apps accumulate access they don’t really need:

• Old screen recorders with Screen Recording — keep one current tool, revoke the rest
• Password managers from past trials with Accessibility or Full Disk Access
• Note-taking apps with Camera, Mic, and Photos — for features you never use
• Browsers from a year ago that you uninstalled but whose permissions stuck around
• Communication apps (Zoom, Teams, Discord, Slack) with Camera, Mic, Screen Recording — usually fine, but worth reviewing if you’ve stopped using one

What about uninstalled apps?

Here’s the annoying part: some permissions linger after you uninstall an app. macOS keeps the entry in case you reinstall. The permission isn’t doing harm without the app to use it, but it’s clutter.

To remove: in Privacy & Security → category → select the app → click the minus button at the bottom. Sometimes you need to unlock the panel first (click the lock icon, enter your password).

If macOS won’t let you remove it, that means the app is technically still installed somewhere. Use Finder’s Applications folder or a proper uninstaller to find it.

Audit your permissions in one screenSweep shows every app’s camera, mic, file, and location permissions on one page. Revoke in one click. Get Sweep free →

Location Services: the long tail

System Settings → Privacy & Security → Location Services. This list is usually the longest. Apps that have ever asked for location are listed here, even ones that don’t really need it.

Reasonable to grant location to:

• Maps
• Weather
• Find My
• Photos (for geotagging)
• A specific delivery or transit app you use

Less reasonable:

• A note-taking app
• A photo editor (it has Photos access — different thing)
• A “system optimiser” tool
• Anything you don’t recognise

Toggle off anything that doesn’t need it. The “While Using” option (where available) is a middle ground for apps that occasionally legitimately need location but shouldn’t track you when closed.

Local Network: a sneaky one

Local Network permission means an app can scan your Wi-Fi for other devices. Useful for some legitimate apps (Spotify casting to a speaker, smart home apps, video chat). Less useful for many that ask anyway.

Found in Privacy & Security → Local Network. Audit it, revoke from anything that doesn’t need to find local devices.

Bluetooth

Apps with Bluetooth permission can talk to your nearby devices. Find My, audio apps, some home automation. Less obviously, some apps use Bluetooth scanning for location estimation (sniffing nearby beacons).

Privacy & Security → Bluetooth. Revoke anything that doesn’t need it.

Microphone access in particular

The microphone is the permission most worth periodically reviewing. Apps that requested mic access during a one-off voice memo or video chat keep it forever otherwise.

Common over-permissioned apps:

• A note app you used once for voice memos
• Old video conferencing tools you’ve stopped using
• A podcast app you tried briefly
• Any app that “needed” the mic for a feature you used twice

Revoke broadly. If an app actually needs the mic, it’ll ask again next time.

Camera: similar reasoning

Same audit applies to camera. Old photo apps, abandoned video recorders, communication tools you’ve migrated away from. Privacy & Security → Camera → toggle off anything not in current use.

This is also where you’ll see if any apps you don’t recognise have camera access — a stronger reason to audit, since unknown apps with camera permission deserve investigation.

Full Disk Access deserves a paragraph

Full Disk Access is the “I trust you with everything” permission. It bypasses macOS’s normal protections that limit apps to their own sandbox and your obvious documents.

Apps that genuinely need it:

• Backup software (Time Machine itself, Backblaze, Arq)
• Password managers (some, for keychain access)
• Some sync tools that touch system files
• Specific privacy/security tools you’ve consciously installed

Apps that don’t:

• Most note-taking apps
• Most photo editors
• Browsers
• Communication apps
• Games

Audit ruthlessly. Anything you don’t recognise here is suspicious. Anything you no longer use should be removed.

Don’t dig through Settings yourselfSweep surfaces every app’s permissions in one place. Free for macOS →

Make this a recurring task

Twice a year is the sweet spot. New macOS releases (Sonoma was followed by Sequoia, etc.) sometimes introduce new permission categories — Sequoia 15 added screen recording transparency improvements, for example. After every major update, taking a quick scroll through Privacy & Security is a good habit.

You can also audit after big software changes:

• After uninstalling several apps
• When you’ve stopped using a service (Zoom → Teams, Slack → Discord)
• When buying a new Mac and migrating

What this audit doesn’t catch

A few things are outside Privacy & Security:

• iCloud sharing — what your Apple ID is sharing across devices is in System Settings → your Apple ID
• Keychain entries — saved passwords, certificates. System Settings → Passwords (Sequoia 15) or Keychain Access app
• Browser permissions — sites that have been granted camera, mic, location are managed inside each browser, not at OS level
• Login items and background processes — different category, in System Settings → General → Login Items

For a full privacy audit, eventually all of these matter. But the OS-level permissions are the biggest exposure for most people.

The single-screen alternative

Doing this one category at a time is tedious. You’re clicking through 16+ categories, scrolling each, comparing apps, toggling individual permissions. After 15 minutes most people give up before finishing.

A privacy auditing tool that puts all categories on one page — every app and every permission it has, sortable, revokable in one click — is genuinely faster.

Sweep’s privacy audit does exactly that: every app on your Mac, every permission category, in one screen. You see at a glance which apps have what. Revoke in a click. Clean what’s stale, keep what you actually use. That’s the audit.