Mac Automation Permissions: What Apps Can Drive Other Apps?

The Automation pane in System Settings → Privacy & Security is one of the stranger sections of macOS privacy. Instead of a flat list, it’s a tree: each app has a sub-list of other apps it’s allowed to control. The structure reflects the underlying mechanism — AppleScript and Apple Events — where one app can send commands to another to make it do things.

If you’ve used Shortcuts, run an AppleScript to file emails into folders, or used a launcher like Alfred to fire commands at Spotify or Music, you’ve granted Automation permissions. Here’s how to read the list and clean it up.

What Automation permission grants

When App A has Automation permission to control App B, App A can:

• Send AppleScript commands to App B
• Read data App B exposes through its scripting dictionary (emails, contacts, songs, browser tabs, etc.)
• Trigger actions in App B (compose a new message, play a song, open a URL)
• In some cases, write data to App B (add a calendar event, save a contact)

It does not let App A:

• Read App B’s files directly from disk
• Read App B’s iCloud data outside what App B exposes through scripting
• Bypass App B’s own permission requests for things like Camera or Mic

The key thing about Automation is it’s paired. The permission isn’t “App A can automate everything” — it’s “App A can automate Calendar” or “App A can automate Mail” specifically. If you grant Alfred the right to control Music, that doesn’t give Alfred the right to control Mail. It would have to ask separately.

The legitimate use cases

You’ll almost always see entries like:

• Shortcuts controlling Calendar, Reminders, Mail, Music, Safari
• Alfred or Raycast controlling Music, Spotify, Mail, Safari, Finder
• Keyboard Maestro controlling pretty much anything (it’s a power user automation tool)
• Hammerspoon similar to Keyboard Maestro
• BetterTouchTool controlling apps where it has a custom action
• Mail merge or email-management tools controlling Mail
• Backup or sync tools controlling specific apps to extract data

The entries are nested under the source app. So you’d open the Automation pane, click the disclosure triangle next to “Alfred,” and see “Music,” “Spotify,” “Safari” — each with its own toggle.

Where to find it

Open System Settings → Privacy & Security → Automation. You’ll see a list of apps that have requested automation access to other apps. Click the triangle next to each to expand and see what they’re allowed to control.

Things to verify:

1. Each parent app is one you actually use
2. Each child app under it is something you’d want this parent to be able to control
3. There aren’t unexpected combinations (a “free” cleaner controlling Mail is a flag)

Audit your permissions in one screenSweep shows every app’s permissions on one page. Revoke in one click. Get Sweep free →

How Automation works under the hood

macOS has had AppleScript since System 7 in 1991. It’s a scripting language that talks to apps via Apple Events — a IPC mechanism specific to Apple platforms. Each scriptable app has a “scripting dictionary” that lists what commands it understands.

You can browse any app’s scripting dictionary in Script Editor (in /Applications/Utilities/). Open Script Editor, choose File → Open Dictionary, pick an app, and you’ll see the full vocabulary. Mail’s dictionary, for example, includes commands like make new outgoing message, send, delete, and properties like subject, content, recipient.

Before macOS Mojave, any app could send events to any other without asking. Mojave introduced the Automation permission system to bring this under user control. Now every cross-app event needs a granted permission.

What gets weird: legitimate workflows that look suspicious

A few things in the Automation pane look concerning at first glance but are usually fine:

• System Events under various apps — System Events is Apple’s scripting bridge for things like the menu bar and system dialogs. Many automation tools need to control it. Leave it alone.
• Finder controlled by other apps — file management workflows often involve telling Finder to do things. Backup tools, archivers, and download managers commonly request this.
• Shortcuts.app — this is Apple’s automation tool. It needs to control whatever apps your shortcuts touch. The list under it can get long.

What’s actually concerning:

• A simple utility (a wallpaper changer, a clock app) controlling Mail or Calendar
• A free download you don’t remember installing controlling Safari or Chrome
• Anything with a generic name like “helper” or “service” controlling browsers

See what your apps actually accessSweep surfaces every camera, mic, file, and location permission on your Mac. Download Sweep free →

Revoking specific automations

In the Automation list, expand the parent app. Toggle off the child app you don’t want it to control. The parent app remains intact for its other automations.

If you turn off Automation for an app it currently relies on, the app may pop up an error or a re-prompt the next time you trigger that workflow. macOS reprompts cleanly — the app asks again, you can deny, and the toggle stays off.

There’s no master “remove all automation for this app” button. You go child by child.

What about Shortcuts specifically?

Shortcuts is Apple’s modern replacement for Automator workflows. Each shortcut you create that touches another app — say, “create a calendar event from selected text” — generates an Automation grant the first time it runs. Over time the list under Shortcuts grows.

If you’ve stopped using a particular shortcut but the Automation grant remains, it’s safe to revoke. The shortcut will re-prompt the next time you run it.

Power users sometimes maintain a clean Shortcuts library and prune unused shortcuts periodically. That naturally trims the Automation list too — when you delete a shortcut, the corresponding grant doesn’t auto-remove, but you can clean it up manually.

Sandbox apps and Automation

Apps from the Mac App Store, which run in a sandbox, need the com.apple.security.automation.apple-events entitlement to even ask for Automation. Apple reviews this during App Store submission and is fairly strict about it. As a result, sandboxed App Store apps have shorter Automation lists than non-sandboxed apps from elsewhere.

If you prefer to keep your Mac’s permission surface area small, prefer App Store versions of utilities where they exist. The trade-off is some App Store versions have fewer features than their direct-download siblings — sandbox restrictions can prevent things like global hotkeys or file system writes outside the container.

Audit walkthrough

Once a quarter:

1. Open System Settings → Privacy & Security → Automation
2. Expand each top-level entry
3. For each child app: ask “do I run a workflow where this parent controls this child?”
4. Toggle off any you can’t justify
5. Pay extra attention to grants involving Mail, Calendar, Contacts, and browsers — these are the highest-value targets

The cleanup should take 5–10 minutes once you’ve done it once. After that, just spot-check entries that look new.

What about iCloud-stored Shortcuts?

Shortcuts you create on iPhone or iPad sync to your Mac via iCloud. When they first run on the Mac, they request Automation permissions for the apps they touch. So you can end up with grants for shortcuts you didn’t realize had migrated. Auditing on Mac catches these.

Skip System Settings — see it all at onceSweep collapses the privacy maze into one screen. Try Sweep free →

Automation is the permission category most people don’t even know exists. The list might be long if you’re a power user, short if you mostly use mainstream apps as-is. Either way, the audit is straightforward — expand each app, look at what it controls, and toggle off anything that doesn’t match a real workflow.