A Guide to Catalina’s Privacy Protection: 4 tccutil

Apart from the Privacy tab in the Security & Privacy pane, the only utility which operates on Mojave’s and Catalina’s privacy system is the command tool tccutil. Worse still, that command only has one function, to reset – that is, remove – current privacy settings. At least it now offers finer control over just what you reset.


When your privacy settings have become hopelessly munged and you want to start with a clean sheet, use
tccutil reset All
and all the lists in Privacy should be cleared. However, as Matthew Warren has shown, this doesn’t actually appear to reset some lists, which may need to be reset individually. TCC also maintains at least two lists, one for each user, and one for root, which isn’t visible in the Privacy pane but can be accessed by running tccutil as root.

If you want to remove just one app from all the lists, use
tccutil reset All com.vendor.appname
to apply that to the app with the identity com.vendor.appname.

To clear all entries in a particular privacy list, use
tccutil reset ListName
which clears every entry from the ListName list.

The finest control that you get is to clear the entry for a specific app in a specific list, which is
tccutil reset ListName com.vendor.appname

You can discover app identities from a number of places, including by dragging and dropping the app onto my free utility Taccy, which displays this as the App ID in the top left of its window.

Apple doesn’t appear to list the services which can be used as ListName in the commands above, despite that being reported as a bug. Those available in Mojave and Catalina include:

  • Accessibility
  • AddressBook (for the Contacts list)
  • AppleEvents (for the Automation list)
  • Calendar (note the singular, for the Calendars list)
  • Camera
  • Microphone
  • Photos
  • Reminders.

Added for Catalina are:

  • ScreenCapture (for the Screen Recording list)
  • SystemPolicyAllFiles (for the Full Disk Access list, which may also work in Mojave)
  • SystemPolicyDesktopFolder
  • SystemPolicyDeveloperFiles (which doesn’t match any of the lists in the Privacy pane)
  • SystemPolicyDocumentsFolder
  • SystemPolicyDownloadsFolder
  • SystemPolicyNetworkVolumes
  • SystemPolicyRemovableVolumes
  • SystemPolicySysAdminFiles (which doesn’t match any of the lists in the Privacy pane).

All except the first two of these refer to properties allowed in the Files and Folders list.

A rumoured addition for Catalina is SpeechRecognition or Siri, but I can’t find anyone who has used it successfully. Additional lists which may or may not do anything are given here.

The following lists appear only to be controlled in Privacy:

  • Developer Tools
  • Input Monitoring
  • Location Services

That is the sum total of controls which Apple provides the user with.