I audited every TCC grant on my Mac. The result was uncomfortable.
macOS tracks every privacy permission you have ever granted any app in a SQLite database called TCC. I ran the Aguacatech Permission Inspector against my own Mac for the first time as a serious audit. The result was a small wake-up call, and a reminder that System Settings is structurally the wrong tool to do this with.
What TCC actually is
Two SQLite databases:
- ~/Library/Application Support/com.apple.TCC/TCC.db, your user-level grants.
- /Library/Application Support/com.apple.TCC/TCC.db, system-level grants (admin-installed apps).
Each grant is a row. Service column says which permission (kTCCServiceAccessibility, kTCCServiceScreenCapture, kTCCServiceCamera, …). Client column says which app (bundle ID or path). A status column says granted/denied/prompt.
That's the whole privacy model. macOS shows you a panel-per-permission view in System Settings, with each panel listing the apps that hold that one grant. There is no panel that shows you all the grants for a single app, and there is no panel that shows you anything as a grid.
The audit
I opened Aguacatech's Permission Inspector for the first time on this Mac after running it for nine months. Here is what was on it:
Accessibility, 11 apps
Accessibility permission lets an app post synthetic input events and read the contents of other apps. It is the most powerful TCC grant after Full Disk Access. Of the 11 apps on the list:
- 3 were justified: a window manager, a clipboard manager, Aguacatech (for Quick Actions).
- 4 were borderline: two screen recorders I use rarely, a meeting helper, an OCR utility.
- 4 were obviously stale: two automation apps I had stopped using a year ago, one IDE I had uninstalled (the TCC row remained), and one menu-bar app whose name I did not recognize.
Stale TCC entries are common. macOS does not garbage-collect them when you uninstall an app, and the Aguacatech Permission Inspector marks them with an Unknown signer because the binary is gone. Those are the easiest to clean up: nothing left to break.
Screen Recording, 4 apps
Screen Recording includes "can capture the contents of any window on your screen, including your password manager". The four:
- Screen recorder I use weekly: keep.
- Meeting helper that screen-shares: keep, but only during calls.
- An old "AI assistant" I had granted Screen Recording to in 2024 and never disabled: revoke.
- A clipboard manager that I did not realise had Screen Recording: revoke.
Full Disk Access, 8 apps
Full Disk Access is the strongest TCC grant. Five of mine were tools I had installed and reviewed (Time Machine app, two backup tools, a duplicate finder I had since replaced, Aguacatech itself for the Permission Inspector). The other three were apps I had granted FDA to during onboarding without thinking; none of them needed it for their primary function. Revoked all three; nothing broke.
Camera and Microphone, too long to list
Every video meeting app, every screen recorder, every dictation tool. Most of these are justified. I left them alone, but turned on the Webcam/Mic Activation Log, which appends a row every time the camera or mic actually fires, with the responsible PID. The next month was instructive: two apps I had not used in weeks were briefly grabbing the mic on launch. One had a config I could disable; the other I just uninstalled.
Automation, long tail of cruft
Automation grants are (app, target app) pairs. Aguacatech itself was authorised to drive 17 different apps from various AppleScript tool calls over the months. Most were fine. A few were apps I had uninstalled. The deep links in Aguacatech's Permission Inspector take you straight to the right pane in System Settings, so revocations are one click each.
Why System Settings can't do this
Apple's design priority for the privacy panel is to make per-permission policy clear. Their UI is structured around the question "which apps can record my screen?", which is a fine question. But the more important question, on the user side, is "what permissions does this one app have, and are they all justified?". You cannot answer that without clicking through 18 separate panes and assembling the answer in your head.
An audit grid is the right shape: apps as rows, permissions as columns, granted permissions as a dot you can scan. Aguacatech reads the TCC.db files directly and renders that. It needs Full Disk Access to do it (macOS protects TCC.db like any other privacy database), and it never writes to TCC. macOS doesn't allow third-party apps to revoke TCC grants programmatically; only the user can, through System Settings. Aguacatech deep-links you to the right pane for each grant. Toggle off, come back, hit Refresh.
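A minimal version of that grid, as an added example rather than Aguacatech's code: it pivots TCC rows into one line per app with one column per permission. The table name `access`, the `auth_value` column (2 meaning allowed) and the `com.example.*` sample rows are assumptions and constructed data, not taken from the post.

```python
import sqlite3
import sys
from collections import defaultdict
from pathlib import Path

# Assumed schema (recent macOS): table `access`; auth_value 2 means allowed.
ALLOWED = 2

def open_readonly(path):
    """Open a TCC.db read-only; the reading process needs Full Disk Access."""
    uri = Path(path).expanduser().resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)

def sample_db():
    """Constructed sample rows, not taken from a real machine."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE access (service, client, auth_value)")
    conn.executemany("INSERT INTO access VALUES (?, ?, ?)", [
        ("kTCCServiceAccessibility", "com.example.windowmgr", 2),
        ("kTCCServiceAccessibility", "com.example.clipboard", 2),
        ("kTCCServiceScreenCapture", "com.example.clipboard", 2),
        ("kTCCServiceCamera", "com.example.clipboard", 0),  # denied, not shown
    ])
    return conn

def load_grid(conn, grid=None):
    """Pivot allowed rows into {client: {service, ...}}."""
    grid = defaultdict(set) if grid is None else grid
    sql = "SELECT client, service FROM access WHERE auth_value = ?"
    for client, service in conn.execute(sql, (ALLOWED,)):
        grid[client].add(service.replace("kTCCService", "", 1))
    return grid

def render(grid):
    """Apps as rows, permissions as columns, '*' marks each grant."""
    cols = sorted({s for granted in grid.values() for s in granted})
    width = max(map(len, grid), default=0)
    out = [" " * width + "  " + "  ".join(cols)]
    for client in sorted(grid):
        cells = [("*" if s in grid[client] else "").center(len(s)) for s in cols]
        out.append((client.ljust(width) + "  " + "  ".join(cells)).rstrip())
    return "\n".join(out)

if __name__ == "__main__":
    conns = [open_readonly(p) for p in sys.argv[1:]] or [sample_db()]
    grid = defaultdict(set)
    for conn in conns:
        load_grid(conn, grid)
    print(render(grid))
```

Pass both TCC.db paths as arguments from a terminal that has Full Disk Access to merge user-level and system-level grants into one grid; with no arguments it renders the constructed sample.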
Run the audit yourself
Permission Inspector is part of Aguacatech Sentinel ($49 one-time). It also includes the Connection Log, Clipboard History with auto-redaction, the Camera/Mic activation log, and the binary audit. All local. None of it phones home.
If TCC has been a black box on your Mac for years, this is the fastest way to make it legible.