Mac apps often request some kind of “permissions” during their installation. Since Apple expanded macOS Mojave’s Security and Privacy permissions, requests have only increased. If we could track the most frequently requested permission, it would have to be Accessibility access. The name of the permission seems to imply that the permission should be used for accessibility functions. So why are apps like TextExpander, Alfred, and Dropbox asking for Accessibility permissions?
What Does “Accessibility” Mean?
The word “accessibility” obviously has its own definition. Clearly, that’s not the definition that Apple is employing. While the original goal of the accessibility functionality was to provide accommodations for people with oral, visual, and aural disabilities that could be aided through specific software adjustments. It also permits system-controlling accessibility apps to override typical system protections and run their functionality.
Accessibility settings are available on both iOS and macOS. In both cases, they permit sweeping changes to the operating system’s functionality. On iOS, the changes are more limited. You can limit animation to reduce motion blur or invert the screen for higher contrast. You can also adjust audio settings to favor one ear over the another if your hearing is unbalanced.
macOS offers far broader permissions through Accessibility. While macOS lacks the variety of Accessibility settings of iOS, it does feature some of them. Open System Preferences -> Accessibility and you can find accommodations like contrast adjustment, inverted colors, interface zoom, and transparency reduction.
How Accessibility Settings Changed
These are the type of settings most people imagine when they think of accessibility settings. But over the years, the Accessibility sections of both macOS and iOS have become a place to house system-wide tweaks. As macOS and iOS have become increasingly closed to advanced user adjustments, system-tweaking functions have been segregated into the Accessibility sections of their respective operating systems. As the number of Accessibility options has increased, the narrow focus on disabilities has changed.
Today, people with even mild physical inconveniences, like eyesight requiring reading glass, can adjust their computing systems to accommodate them. This is clearly a superior option to a lack of accommodation, and by no means should anyone suggest otherwise. Don’t forget that all of us will one day need accessibility functions of some kind. As we age, our bodies break down, and no one is immune from age-related physical changes.
As a result, power users are often shunted to the Accessibility menus to access interesting and useful system tweaks. Take, for example, iOS’ Smart Invert, which creates a makeshift Night Mode on your iPhone. Or consider announcements, which reads aloud sections of selected text, allowing you to create brief audio stories from online posts you might not want to read in their entirety but could listen to while folding laundry.
Outside of the Accessibility menus of macOS are Accessibility permissions. These permissions, created for accessibility apps, can be requested by any application. They provide broad control over the operating system. Applications with Accessibility permissions can monitor and act based on other applications, interact with other application, or listen for user input across apps.
What Accessibility Permissions Allow
Accessibility permissions give apps extremely broad access to your Mac. Apps with this permission can access the entire system and control other apps. It’s essentially Full Disk Access plus Automation permissions.
Full Disk Access allows permitted applications to read, write, and modify files anywhere on your disk. It’s a separate permission in Mojave, but since Accessibility contains it, Full Disk Access is very rarely requested. Automation permissions allow permitted apps to control other apps, reducing many of the app’s sandbox restrictions. With Automation permissions, the app can watch what you do and react to it.
Why So Many Apps Ask for Accessibility Permissions
Some Mac apps require broad access to the system. And indeed, this access was permitted with virtually no restrictions on older versions of macOS—much like the way Windows 10 operates to this day. On previous macOS versions and Windows, only folder permissions protect content from modification by arbitrary applications. Today, Mojave includes close to a dozen different security and privacy permissions that can be requested by apps. This reflects a growing focus on privacy by Apple, as well as increasing consumer awareness of how applications absorb and exploit user data.
With all the restrictions on modern applications, developers frequently have to request specific access to make their apps work. The most popular apps on macOS tend to be apps like Magnet or DaisyDisk that require broad system access to function. So macOS users clearly aren’t shy about giving broad permissions to applications, and many developers aren’t shy about requesting them either.
Accessibility permissions have become something of a golden ticket or carte blanche for apps, allowing them to do just about anything on the operating system. Some developers treat it as a blanket permission. It means the app will always have the access it needs. The app might not even need broad access, but developers don’t want to deal with hard-to-track issues based on an overzealous sandboxing architecture.
The Risks of Broad Permissions
In a perfect world, applications would only request the permissions they must have for their functionality. Android follows this kind of permission architecture. When applications are installed, they request the permissions that they will need right away. Users are then free to cancel the installation. There’s even been an ongoing push for users to selectively deny permissions from overzealous apps, but that could play havoc with application functionality. This stems mostly from the Google Play Stores positively stunning array of malware and broken software. Users must be observant and careful to avoid having their messages and contacts siphoned into a Russian hacker’s database.
Because macOS has no such problem, there’s been very little user awareness of what permissions even do. As a result, it would be trivially easy for a Trojan horse application to receive Accessibility permissions and brutalize your system with impunity. Users interpret these requests as annoying speed bumps, not dangerous conditions they need to think about carefully.
Alert Fatigue and Security Risks
This leads to a condition called “alert fatigue.” It’s commonly found in healthcare workers whose work environment is densely blanked in a constant barrage of audible alerts. The sheer density of bells, ringers, and buzzing could mean anything from “change IV bag” to “the patient’s heart has stopped beating.” Medical workers must selectively ignore audible alerts just to think clearly, and as a result, can end up ignoring crucial alerts.
This happens even in highly-trained people with their own life on the line: the pilots of Air France 447 flew their plane directly into the ocean because they were ignoring a blaring stall warning for minutes on end.
The same alert fatigue occurs among computer users. After being asked for broad permissions dozens of time, you just grant them automatically. After all, it didn’t cause any problems the last ten times you allowed it. It’s not even clear to the average user what these permissions do, making it impossible to have an informed decision.
In theory, this represents a major human factors failure in system security and could be exploited by attackers. Malware could exploit Accessibility access to log activity or inject attacks. That’s why Accessibility permissions require a special feature. The user must turn on an app’s Accessibility access manually in System Preferences. There’s been no case of this happening in the wild, but it’s a vector that could be exploited.
Like many security problems, this can be prevented through appropriate education and attentiveness. Now you know what Accessibility permissions do. They allow the app to control everything on your system, from keystrokes to Time Machine backups. If you can’t trust the app with that kind of access, do not grant it. You likely wouldn’t even know if an app was piping your information off to some hackers somewhere, so you need to interdict these apps at the installation process, just like Android does.
You might also be interested in the following posts: