What’s the Difference Between Accessibility and Full Disk Access App Permissions in Mojave?
macOS recently started using an Android-like permissions system, where apps must ask to access certain resources like your location or contacts. Two of the most permissive options are “Accessibility,” which grants access to “control the computer,” and “Full Disk Access,” which sounds like it does the same thing. They’re listed separately in security settings, though, so what’s the difference?
Accessibility vs. Full Disk Access
Accessibility is the more common of the two and allows an app to control and listen to the system outside of its own container. This is often used for apps that extend system functionality or run processes in the background, such as productivity apps like Alfred. Third-party drivers for devices like game controllers and special mice will show up here as well.
It’s locked down because the same permission could also be used by malware that listens to keystrokes or spies on your behavior. You don’t have to worry though, because that’s the exact reason this system is in place; if you accidentally run a malicious application from a non-trusted source, you’ll have to manually allow it to spy on you. So long as you don’t do that, you’ll be fine.
Full Disk Access is a little different and doesn’t quite mean complete access to your drive. Certain apps like backup solutions, virus scanners, and hard drive cleaners need access to scan all of your files, including ones locked down by the system and used by other apps like Safari and Messages. It doesn’t give the same permissions to listen to input and control the system as Accessibility does, so it’s possible for an app to request both permissions.
It’s also not something you should be afraid of, as it is just marking an app as trusted so that it can access your data. You’ll still only want to enable apps that have a good reason to be scanning your whole drive, but in reality, there’s not too much locked down behind the “Full Disk Access” permission.
However, this doesn’t give the application root access, which would give it the ability to delete or modify the system files macOS uses to run. You’ll have to put in your password manually if an application wants root access.
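Since an app can hold both permissions, it is worth checking which ones do. The following is an added example, not part of the original article: a Python sketch that lists grants for the two permissions from a TCC-style database and flags apps holding both. It assumes the `access` table layout and service identifiers used by macOS's TCC database; the bundle IDs and rows are constructed sample data.

```python
import sqlite3

# TCC service identifiers for the two permissions discussed above.
SERVICES = {
    "kTCCServiceAccessibility": "Accessibility",
    "kTCCServiceSystemPolicyAllFiles": "Full Disk Access",
}

def granted_permissions(conn):
    """Return {client: set of permission names} for granted entries only."""
    cols = {row[1] for row in conn.execute("PRAGMA table_info(access)")}
    # Mojave-era databases use `allowed` (1 = granted); newer releases use
    # `auth_value` (2 = allowed). Pick whichever column this database has.
    if "auth_value" in cols:
        col, granted = "auth_value", 2
    else:
        col, granted = "allowed", 1
    marks = ",".join("?" * len(SERVICES))
    query = (f"SELECT client, service FROM access "
             f"WHERE service IN ({marks}) AND {col} = ?")
    result = {}
    for client, service in conn.execute(query, (*SERVICES, granted)):
        result.setdefault(client, set()).add(SERVICES[service])
    return result

def holds_both(grants):
    """Clients granted both Accessibility and Full Disk Access."""
    return sorted(c for c, p in grants.items() if len(p) == len(SERVICES))

def sample_db():
    """Constructed sample data using the Mojave-style column layout."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE access "
                 "(service TEXT, client TEXT, client_type INTEGER, allowed INTEGER)")
    conn.executemany("INSERT INTO access VALUES (?, ?, 0, ?)", [
        ("kTCCServiceAccessibility", "com.example.launcher", 1),
        ("kTCCServiceSystemPolicyAllFiles", "com.example.backup", 1),
        ("kTCCServiceAccessibility", "com.example.cleaner", 1),
        ("kTCCServiceSystemPolicyAllFiles", "com.example.cleaner", 1),
        ("kTCCServiceAccessibility", "com.example.denied", 0),   # prompt was refused
        ("kTCCServiceCamera", "com.example.video", 1),           # unrelated service
    ])
    return conn

if __name__ == "__main__":
    grants = granted_permissions(sample_db())
    for client, perms in sorted(grants.items()):
        print(client, sorted(perms))
    print("holds both:", holds_both(grants))
```

On a real Mac the system database lives at `/Library/Application Support/com.apple.TCC/TCC.db`, and reading it itself requires Full Disk Access for the terminal running the script.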