What are Ventura’s system privacy settings?

macOS privacy controls apply to all executable code, including macOS services. The TCC subsystem responsible for this imposes its controls over access to protected services, features and locations according to records in its two databases at /Library/Application Support/com.apple.TCC/TCC.db and ~/Library/Application Support/com.apple.TCC/TCC.db. Most of those records are made when executable code in an app or other code requests access and TCC obtains the user’s consent, but some are added without any user involvement, as system features. This article aims to discover which privacy settings in TCC are set by macOS itself, and are system privacy settings.

The best way to discover which are set by macOS is to reset all using the command tool tccutil, in an otherwise untouched instance of Ventura running in a virtual machine (VM). Log records should then reveal which system privacy settings are deleted to accomplish that reset, and which are subsequently restored without user consent or notification.

What is Liverpool?

Although most privacy settings are named transparently, there are still two with internal code names: kTCCServiceLiverpool and kTCCServiceUbiquity. Although the latter has long been recognised as referring to iCloud services, the former has variously been claimed to refer to Location Services or to CloudKit. Even recent articles refer to kTCCServiceLiverpool as relating to Location Services.

Extensive searches have failed to yield any Apple documentation explaining the meaning of those terms, although a few unofficial mentions have appeared since 2016, stating that kTCCServiceLiverpool controls CloudKit access.

To clarify this, the TCC subsystem has no concern at all with access to Location Services data. This is readily demonstrated by observing the log when changing different items in Privacy & Security settings: altering any in its Location Services category results in no TCC activity, as the changes are made by locationd and its associates; changing other privacy settings there results in a flurry of entries from TCC as it records the changes in its databases. This article lists services known to have kTCCServiceLiverpool access, which manifestly isn’t associated with location but with iCloud services in the form of CloudKit.

iCloud services

Ventura has access to two broad service groups in iCloud: CloudKit, for sharing and syncing data, and iCloud Drive, for sharing and syncing discrete files. Apple provides a useful overview of the former, and fuller details of its API.

While lightweight macOS VMs on Apple silicon are intentionally unable to sign in to iCloud using an Apple ID, that doesn’t prevent them from using CloudKit. Apple points out that CloudKit is still available then as “a valid iCloud account is only necessary when you want to save data that is specific to a single user. Apps can always store data in a public area that is readable by all users.” This presumably also applies to code checks run when launching executable code, which were first noticed to involve iCloud in Catalina.

TCC reset

Once the command
sudo tccutil reset All
is being executed, TCC begins deleting all items in its database. Concentrating for the moment on CloudKit (kTCCServiceLiverpool), this involves a series of log entries such as
5.785551 com.apple.TCC Publishing <TCCDEvent: type=Delete, service=kTCCServiceLiverpool, identifier_type=Bundle ID, identifier=com.apple.Passbook> to 2 subscribers: {
518 = "<TCCDEventSubscriber: token=518, state=Passed, csid=com.apple.photolibraryd>";
337 = "<TCCDEventSubscriber: token=337, state=Passed, csid=com.apple.cloudd>";

In a bare system, with nothing else installed in Privacy & Security settings, those deletions are completed in around 0.003 seconds, at the end of which TCC moves on to do the same for a shorter list of subsystems for iCloud Drive (kTCCServiceUbiquity).

The following 27 subsystems are set by the system to have access to CloudKit, with kTCCServiceLiverpool:

  • com.apple.Passbook for Wallet access services
  • com.apple.Safari for Safari
  • com.apple.amsengagementd for ‘engagement’ with Apple media services including former iCloud media services
  • com.apple.appleaccountd for Apple ID account services
  • com.apple.assistant.assistantd to support Siri, dictation and semantic understanding
  • com.apple.avatarsd for Memoji and Animoji support
  • com.apple.biomesyncd for iCloud-based suggestions by Biome
  • com.apple.callhistory.sync-helper for syncing (telephone) call history
  • com.apple.cloudpaird for Bluetooth out-of-band pairing to support Continuity features
  • com.apple.donotdisturbd for Do Not Disturb, and possibly Focus more generally
  • com.apple.icloud.fmfd for the Find My Friends service
  • com.apple.icloud.searchpartyuseragent for further Find My support (although this is sometimes misinterpreted as malware!)
  • com.apple.identityservicesd for identity management services
  • com.apple.imagent for IM Agent, a service listening for FaceTime invitations
  • com.apple.knowledge-agent for Siri suggestions and related knowledge services
  • com.apple.passd for Apple Pay and Wallet services
  • com.apple.protectedcloudstorage.protectedcloudkeysyncing for syncing of protected iCloud storage
  • com.apple.securityd for main security services
  • com.apple.shortcuts for the Shortcuts app, which relies on CloudKit storage for its shortcuts
  • com.apple.siriknowledged for Siri suggestions and related knowledge services
  • com.apple.sociallayerd for the provision of privacy-sensitive data for social media
  • com.apple.suggestd for the provision of content-based suggestions
  • com.apple.syncdefaultsd for the syncing of settings data
  • com.apple.textinput.KeyboardServices for text-based services such as text replacement
  • com.apple.transparencyd for authorisation of access to private data
  • com.apple.triald for machine learning services
  • com.apple.willowd for HomeKit support and Home features.

The following subsystems are set to have access to iCloud files, with kTCCServiceUbiquity:

  • photolibraryd for Photos library services
  • com.apple.finder for the Finder
  • com.apple.stocks.detailintents for Stocks
  • com.apple.weather for Weather
  • com.apple.weather.widget for the Weather widget.

Restoring services

No sooner has it completed deleting those than TCC starts restoring most of the services it has just deleted from its database. Typical entries for com.apple.securityd might read
5.794488 com.apple.TCC REQUEST_MSG: msgID=453.44, msg={
modDate=0 (0x0)
flags=0 (0x0)
5.795669 com.apple.TCC Update Access Record: kTCCServiceLiverpool for com.apple.securityd to Allowed (System Set) (v1) at 1675870565 (2023-02-08 15:36:05 +0000)
CodeReq: None
Indirect : Unused
5.796052 com.apple.TCC Publishing <TCCDEvent: type=Modify, service=kTCCServiceLiverpool, identifier_type=Bundle ID, identifier=com.apple.securityd> to 2 subscribers: {
518 = "<TCCDEventSubscriber: token=518, state=Passed, csid=com.apple.photolibraryd>";
337 = "<TCCDEventSubscriber: token=337, state=Passed, csid=com.apple.cloudd>";

Of the 27 subsystems deleted from TCC databases, the following 15 are restored to kTCCServiceLiverpool Allowed within a couple of seconds of a TCC reset:

  • com.apple.amsengagementd
  • com.apple.assistant.assistantd
  • com.apple.cloudpaird
  • com.apple.donotdisturbd
  • com.apple.identityservicesd
  • com.apple.knowledge-agent
  • com.apple.passd
  • com.apple.securityd
  • com.apple.shortcuts
  • com.apple.siriknowledged
  • com.apple.sociallayerd
  • com.apple.suggestd
  • com.apple.syncdefaultsd
  • com.apple.transparencyd
  • com.apple.willowd.

The other 12 may follow later.


When a user hasn’t signed in to an iCloud account with their Apple ID, a total of 27 subsystems in macOS are given access to protected data using CloudKit, and five to iCloud Drive. Without a connected iCloud account, those subsystems can only access data in public areas that is readable by all users, and cannot access any private data in iCloud. However, those under the impression that not providing their Mac with an Apple ID prevents it from accessing iCloud might like to reconsider.