Ads 468x60px

Reset App Access to OS X Privacy Data from the Command Line

tccutil manages OS X privacy database and app access

If you accidentally permitted an app to gain access to things like your personal contacts list or location, or you'd just like to start over again and have granular control over which applications can access certain data, you can use the command line tool tccutil in OS X 10.8 and later.

Think of the tccutil command as a kind of command line interface to the Security & Privacy control panel, which let's you control apps access to things like contacts, location services, usage statics, and more. This is separate from GateKeeper, which controls the ability of certain applications to launch.

Most users will be better off using the friendlier preference panel, but for those who like to tweak things from the Terminal, here's the basics of tccutil command:

At it's core, tccutil is used to manage the privacy database like so:

tccutil reset [service name]

The example given in the tccutil man page resets the privacy database for which apps can access the Address Book (Contacts) like so:

tccutil reset AddressBook

This will revoke all applications access to AddressBook, meaning the next time you attempt to open any application which wants to access the contacts information, you will be prompted to either allow or deny access for that specific application. That process will repeat itself for each additional app who attempts to access such data.

Similarly, you could apply the same reset to Location Services with the following command:

tccutil reset CoreLocationAgent

The same applies here, all apps that have access to Location Services will be removed, requiring a confirmation again in the future.

You can find a detailed list of services – not all of which will be relevant to tccutil – by entering "launchctl list" into the terminal. As mentioned at the beginning of the article however, if you don't know what you're doing here and why, it's best to stick to the Privacy preference panel to control this type of personal data access.