How to manage the privacy settings in OS X

There are several ways you can manage which programs have access to your private data in OS X.

The latest versions of OS X integrate a number of personal data services that can be accessed by various applications. For example, if you have a Twitter account set up in OS X, you can then have various programs send tweets to this account or otherwise interact with it. Though convenient, this does need to be secured, so Apple invokes management of this service through a central privacy framework, which you can interact with both in the system preferences and in the command line.

When a program requests access to your personal data, the system will first present you with a dialog window to either accept or deny the request. This is a first security step where you can block unwanted access to your personal information.

Privacy access request in OS X
When a program initially requests your data, you will see this window show up. However, regardless of what you choose, the program will be added to the privacy database. Screenshot by Topher Kessler/CNET

Regardless of which option you choose when this dialog appears, the program will be added to the Privacy system preferences. If you accept the request, then it will be enabled in these preferences, but if you reject the request, then the program will be disabled and unchecked in the preferences.

You can then manage the program by going to the Security & Privacy system preferences and selecting the Privacy tab. Here you will see a list of services you have configured (social media, locations, and contacts), and selecting each will show you the programs that have so far requested access to the services. Checking or unchecking the box next to the program name will then either grant or revoke access.

While this approach is convenient, once added to the database there is no way within the system preferences to remove any programs from the privacy list. However, this can be done in two ways from the command line if needed.

The first method is to remove individual applications from the list; however, since the list is managed in a central database this requires you to access and edit this database, which because of permissions restrictions requires you to use a root shell and command-line editors. If you are up to the task, you can try your hand at it as outlined in this StackExchange discussion.

OS X Privacy settings per application
These boxes will manage whether or not a program has access to your data. Screenshot by Topher Kessler/CNET

Removing individual applications from the Privacy list is unsupported and requires custom editing to do; another approach is to use Apple's built-in "tccutil" command to clear the application entries for a specific privacy service. With this tool you can, for instance, reset the applications that you have allowed access to your Twitter account, and require them all to again request access. To do this, open the Terminal utility and run the following command:

tccutil reset SERVICE

In this case, the service is the name of the one you wish to reset, which can be "Twitter" or "Facebook," or even "AddressBook" for your contacts. The full list of supported services include: AddressBook, CoreLocationAgent, Facebook, Twitter, Reminders, Calendar, SinaWeibo, Accessibility, and if you wish to remove everything, then you can use the keyword "All."

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.