Which Apps Have 'Input Monitoring' on Your Mac (Reading Your Keystrokes)

Input Monitoring is the macOS permission that lets an app read keystrokes from anywhere on the system, even when the app isn’t in the foreground. It was introduced in Catalina to give users explicit control over a capability that gaming utilities, automation tools, and accessibility software had been quietly using for years. Now it’s its own toggle in System Settings, and it deserves the same regular audit as Screen Recording or Accessibility.

Here’s a tour of who legitimately requests it, who doesn’t, and how to keep the list tight.

What Input Monitoring actually does

When an app has Input Monitoring on, it can:

• Read every keypress on your Mac, including in other apps
• Read modifier states (Shift, Option, Cmd, Ctrl)
• Detect game controller input (some controllers register as keyboards)
• Monitor mouse buttons in some configurations

It does not let an app:

• Send keystrokes (that’s Accessibility)
• Read clipboard contents
• See window contents (that’s Screen Recording)

The reason Apple split this out from Accessibility: Accessibility was being used as an umbrella permission for things that didn’t really need that level of reach. Input Monitoring is narrower — read-only on input — so apps that just want to detect keystrokes don’t need to request the full Accessibility toggle.

Who legitimately needs it

A short list of apps where Input Monitoring being on makes sense:

• Gaming peripherals — Razer Synapse, Logitech G Hub, Steelseries GG, Corsair iCUE
• Macro and remapping tools — Karabiner-Elements, BetterTouchTool, Hammerspoon, BetterDisplay (some features)
• Streaming overlays — Stream Deck, OBS plugins that show keypresses
• Accessibility helpers — apps that fire actions on specific key combos for users with motor difficulties
• Some game launchers — Steam (for controller input), GeForce NOW

Outside of those categories, Input Monitoring is rarely justified. A web browser, a document editor, a music player, a chat app — none should have it on. If you see one of those in the list, it’s a flag.

Where to check

Open System Settings → Privacy & Security → Input Monitoring. The toggles are listed alphabetically. Anything with a toggle on can read your keystrokes.

A few things worth noting about this list specifically:

• It tends to be shorter than Accessibility because fewer apps request it
• The entries often look generic (helper processes, daemons) because the actual binary that listens for input is sometimes a background helper, not the main app icon
• Greyed-out entries from uninstalled apps are common here too

Audit your permissions in one screenSweep shows every app’s permissions on one page. Revoke in one click. Get Sweep free →

What about keyloggers?

Worth being clear: Input Monitoring on its own is not a keylogger. A keylogger is a program that captures keystrokes and exfiltrates or stores them. Input Monitoring is the capability that a keylogger would need on macOS, but it’s also the capability that legitimate gaming software, macro tools, and accessibility apps need.

The difference is in what the app does with the keystrokes. Razer Synapse uses Input Monitoring to know when you press a programmable key on your gaming mouse. A keylogger uses the same capability to record everything you type. macOS can’t tell those apart at the API level — it just knows the app has the toggle.

That’s why the toggle exists as a user control. You decide which apps get to read your keystrokes. The system enforces it.

How to revoke

Toggle off any entry you don’t trust or don’t actively use. The app may need to quit and reopen for the change to take effect. If you turn off Input Monitoring for, say, Razer Synapse, your gaming mouse’s programmable keys will stop working until you grant it again — but a standard mouse will still work normally.

For greyed-out ghost entries (apps you’ve uninstalled), select the row and press the minus button. Authenticate when prompted.

Codesigning matters more here

Apps requesting Input Monitoring on a current Mac must be codesigned and notarized. Apple’s notarization process scans for known malicious patterns. It doesn’t catch everything, but it’s a meaningful filter.

If you ever see an Input Monitoring prompt for an app that isn’t signed and notarized, that’s a major flag. Modern macOS will normally refuse to even open such an app without explicit Gatekeeper bypass, so you’d typically see a “this app cannot be opened because Apple cannot check it for malicious software” warning first.

You can confirm signing with:

codesign -dv --verbose=4 /Applications/AppName.app
spctl -a -vv /Applications/AppName.app

The first shows the developer’s identity. The second shows whether Apple has notarized the binary.

See what your apps actually accessSweep surfaces every camera, mic, file, and location permission on your Mac. Download Sweep free →

Why some apps request both Input Monitoring and Accessibility

Macro tools and remappers usually need both because:

• Input Monitoring lets them detect the trigger (you pressed Ctrl+Shift+M)
• Accessibility lets them act on it (paste this snippet, focus that window)

Karabiner-Elements is a good example. It needs to know which keys you pressed (Input Monitoring) and to remap them by sending different keystrokes (Accessibility). Without both, it can’t do its job.

This is normal. The two-permission ask is the price of the kind of automation these tools provide.

The unusual cases

A few apps request Input Monitoring for reasons that aren’t obvious:

• Some browsers — for global media keys (play/pause from anywhere)
• Music players — same reason, for play/pause and skip with media keys
• Conferencing apps — for global mute/unmute hotkeys
• Note-taking apps with global capture — Bear, Drafts, Things, with their “press a hotkey from anywhere to add a quick note” feature

Whether you grant these depends on whether you use the global hotkey feature. If you’ve never pressed a media key while a different app was focused, you don’t need to grant Input Monitoring to your music player.

What about secure input?

Just like with Accessibility, password fields drawn correctly use “secure input” mode. While secure input is active, no app can read keystrokes — even with Input Monitoring on. The icon for this is a small key in the menu bar of some apps (Terminal shows it).

If you see secure input persist after closing a password prompt — the lock icon stays — it’s a known macOS quirk usually fixed by clicking back into Terminal or the offending app and pressing Enter once. Restarting also clears it.

Audit checklist

Set a reminder for every 90 days:

• Open System Settings → Privacy & Security → Input Monitoring
• Verify each app on the list has a real reason to be there
• Turn off any you can’t justify
• Remove ghost entries with the minus button
• Cross-reference with Accessibility — many apps appear on both

Skip System Settings — see it all at onceSweep collapses the privacy maze into one screen. Try Sweep free →

Input Monitoring is one of those permissions most people never think about until they’re auditing the system. The list is usually short, the cleanup is fast, and the result is one fewer attack surface to worry about. The apps you actually use will prompt for it again if they need it.