macOS Mojave strengthens user security and privacy by barring apps from using the built-in FaceTime camera or microphone without your explicit consent. Here’s how to review and manage which Mac apps are permitted to access your computer’s camera or microphone.
The macOS software has long included an app permission feature that allows you to control whether apps on your computer are permitted to access private information such as your geographical location, the Photos library, contacts, calendars and reminders.
Tightening up security & privacy
In Mojave, the app restrictions panel includes a pair of new toggles for the built-in FaceTime camera and your Mac’s microphone. Without permission to use the camera or microphone, an app cannot capture video or record audio—not even silently nor in the background.
For your own security, these toggles are off by default.
As a result, you’ll need to give every app you open for the first time, like Skype or QuickTime Player, explicit permission to use your computer’s microphone or camera.
Here’s how you can manage camera and mic access for any apps installed on your Mac. You’ll learn how to grant apps like the video-conferencing software Skype access to the camera when you need to conduct a video-chat with your boss, revoke permission for apps you suspect might be recording audio or video without your knowledge, and more.
Securing your Mac’s cam & mic
By default, macOS Mojave prevents all apps using its AVFoundation API from getting microphone or camera data without your consent. When you open an app for the first time that wants to access that hardware, the system pulls up a permission prompt.
To grant the app access to the cam or mic, click OK. If this app is from a legitimate developer and includes Mojave support, you can grant it access and never think about it again.
By bringing user authorization for camera and microphone to Mojave, Apple has elevated your security. It is important to understand that this feature requires that apps use Apple’s AVFoundation API and be compiled with the macOS Mojave 10.14 SDK.
But what about rogue apps?
Apple saw to that, too: apps that attempt to circumvent the system and initiate capture without user consent will be stopped in their tracks by Apple’s dedicated T1 and T2 chips found in select Mac modes (more on that later). Your Mac’s camera or microphone hardware can also be disabled by using the Parental Controls feature or Mobile Device Management.
Without further ado, here’s how you can manage access to your Mac’s microphone and camera and revoke permissions at any time, and with just a few clicks.
How to adjust Mac camera & mic permissions
Do the following to consent for apps to use the mic or webcam.
1) Select System Preferences from the Apple menu.
2) Click the icon labeled Security & Privacy.
3) Click the Privacy tab at the top.
4) In the lefthand column, click on either Camera or Microphone to manage app permissions.
5) Tick the boxes next to apps for which you’d like to grant access to the mic or cam.
Conversely, untick the boxes for any apps that you want to revoke permission from.
If you try to change permission for the app you’re currently using, up will pop a message cautioning you that the changes will take effect after the app is restarted (as shown on the screenshot below). The dialog asks you to either choose to have macOS automatically quit the app on your behalf or have you do it on your own later.
Making changes using the app permission panel does not require administrative privileges.
This is by design and very practical because you can easily jump in at any time to grant temporary mic or cam access to an app or revoke permissions on a whim.
To really tighten up user privacy, Apple has designed ARM-based coprocessors, dubbed T1 and T2, that boost security by driving things like the System Management Controller, the Touch ID sensor and Apple Pay while acting as a gatekeeper to the microphone and FaceTime camera, helping protects you from potential hacking attempts.
Those chips, found in iMac Pro and 2016 and newer MacBook Pro with Touch Bar, run a variant of watchOS. Called eOS, this embedded software handles the above functions in a secure manner, independently of Intel’s main CPU running macOS.
Need help? Ask iDB!
If you like this how-to, pass it along to your support folks and leave a comment below.
Got stuck? Not sure how to do certain things on your Apple device? Let us know via [email protected] and a future tutorial might provide a solution.
Submit your own how-to suggestions via [email protected].