Which Apps Can Read Your Photos Library on Mac?

Your Photos library on a Mac isn’t just a folder of images. If you use iCloud Photos, it includes everything you’ve ever shot on your iPhone, iPad, or Mac since you turned the feature on. People, places, faces, dates, GPS coordinates, the lot. So when an app asks for Photos access, you’re potentially giving it the full archive of your visual life.

Here’s what the permission actually does, who legitimately needs it, and how to keep the list trim.

What Photos permission grants

When an app has Photos access on macOS 14 Sonoma or 15 Sequoia, it can:

• Read photo and video files from your library
• Read EXIF metadata (camera, lens, exposure, GPS)
• Read Apple-generated metadata (faces, places, dates, albums you’ve made)
• Read Memories and curated collections
• Write new photos to the library if it has write access

It does not automatically let an app:

• Use your camera (separate Camera permission)
• Read other files on disk (separate Files & Folders)
• Sync your library to its own servers (the app would have to upload, which you’d see in network activity)

macOS introduced a useful refinement in recent versions: selected access vs full access. When an app requests Photos, you can choose to grant access to specific photos you pick rather than the whole library. The app sees only what you hand it. This is the default for most reasonable workflows and the option you should usually choose.

Where to manage the list

Open System Settings → Privacy & Security → Photos. Each app has a control beside it. Depending on how you granted it, you’ll see “All Photos,” “Selected Photos,” or “None.”

To change an app’s access:

• Click the app’s row
• Pick a different option

For Selected Photos, you can also re-pick which images that app sees by clicking “Manage Selected Photos…” inside the app — most apps that support this feature surface a “Manage Selection” option in their UI when you’d expect it.

Who legitimately needs full Photos access

A short list:

• Photo editors — Lightroom, Capture One, Affinity Photo (sometimes), Pixelmator Pro
• Cloud backup of your library — Google Photos, OneDrive, Amazon Photos (each can request full access to mirror everything)
• AI/face-organizing tools — apps that scan your library for duplicates or faces
• Slideshow and screensaver apps — the ones that pull random photos from your library
• Some social and chat apps with library integrations — Messages reads photos through different APIs and doesn’t need this; Telegram or Signal may

Most other apps don’t need full library access. A document scanner, a meme maker, a small editing app — these can all work fine with Selected Photos access.

Audit your permissions in one screenSweep shows every app’s permissions on one page. Revoke in one click. Get Sweep free →

Selected vs Full: when to use which

Selected Photos is the better default. It works like this: when you grant Selected access, the app gets to ask you which photos it can see. You can re-pick later. The app never sees photos you didn’t explicitly hand it.

Full Photos is what you want when:

• You’re using a full-library photo manager (Lightroom, Photos itself for sync)
• You’re backing up everything (Google Photos, OneDrive)
• You need an AI or organizational tool to scan the entire library

For everything else — chat apps that occasionally need an attached image, document scanners, photo-to-PDF tools — Selected is the right choice.

How to flip an app from Full to Selected

In System Settings → Privacy & Security → Photos, click the app and choose “Selected Photos.” macOS will prompt you to choose which photos to share. The app continues working but only sees what you’ve selected.

If the app behaves weirdly afterwards, that’s information — it might be silently scanning beyond what its core function needs. Some apps are upfront about needing full access. Others quietly take it because the prompt is easier than designing around Selected. The toggle gives you control either way.

What about uploading photos to web apps?

Web apps in Safari or Chrome don’t go through the Photos permission system. When you upload a photo on Twitter or Slack-in-browser, the file picker opens and you choose a photo — that’s a one-time selection, not a persistent permission grant.

The Photos permission applies to native apps on your Mac. The browser is its own thing. So you’ll never see “Safari” or “Chrome” in this list under normal circumstances — they don’t request library-level access.

See what your apps actually accessSweep surfaces every camera, mic, file, and location permission on your Mac. Download Sweep free →

What metadata leaks even with Selected access?

When you hand an app a photo via Selected Photos, the app gets the photo file plus its EXIF data. EXIF includes:

• Camera model and lens
• ISO, aperture, shutter speed, focal length
• Date and time
• GPS coordinates (if location was on when you took the photo)

If you don’t want GPS to leak with photos, strip the location before sharing. On a Mac, you can do this in the Photos app:

1. Select the photo
2. Image → Location → Hide Location
3. The location is removed from the version of the photo apps see when you share it through Photos

This works for individual sharing. For a stricter approach, turn off Camera location entirely on your iPhone (Settings → Privacy & Security → Location Services → Camera → Never).

Sandbox apps and Photos

App Store apps must declare the com.apple.security.personal-information.photos-library entitlement to ask for Photos. Most do, including the Mac App Store version of common photo tools. Sandboxed apps can still get full or selected access — the sandbox is about file system reach, not about which OS-level permission APIs they can invoke.

Apps from outside the App Store request the same permission, just without the sandbox guardrails. Either way, the toggle is yours to control.

What about iCloud Shared Library?

Sonoma added Shared Library, where you can share a separate library with up to five people. Photos in the shared library are governed by the same Photos permission as your personal library — apps with Photos access see the merged view. There’s no separate toggle for “your library” vs “shared library.” If you’ve granted full access, the app sees everything in both.

This matters for AI organizing tools. If you’ve set one up to scan your personal library and you later add a shared library, the tool starts seeing those photos too (and any AI-generated metadata about the people in them). Worth knowing if you share with someone who’d prefer their photos not be scanned by your tools.

Revoking ghost entries

Apps you’ve uninstalled sometimes leave entries in the Photos list. The icons go grey and the path is broken. Select the row, click the minus button at the bottom, and authenticate. The entry goes away.

If the minus button is greyed out, quit the app first if it’s running, then try again.

Audit checklist

Once per quarter:

• Open System Settings → Privacy & Security → Photos
• Confirm each app on the list is something you currently use
• For each app set to “All Photos,” ask if “Selected” would suffice
• Remove ghost entries with the minus button
• If you use Shared Library, mentally factor in that those photos are visible too

Skip System Settings — see it all at onceSweep collapses the privacy maze into one screen. Try Sweep free →

Photos access is one of the higher-stakes permissions because the data behind it is so personal. The good news is macOS gives you a meaningful choice with Selected Photos, and the audit is straightforward — three categories of apps that genuinely need full access, and “Selected” or “None” for everything else.