Skip to content
Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals

Enabling System-Controlling Utilities in Mavericks

LaunchBar, TextExpander, Keyboard Maestro, RescueTime — these and many other utilities have one thing in common: they rely on Mac OS X’s support for “assistive devices” to perform tasks that are normally forbidden to applications. Because this setting can’t be enabled by software, these apps always ask the user to turn it on at initial launch if it’s not already enabled. (In “Scripting the Unscriptable in Mac OS X,” 10 March 2003, Matt Neuburg explained this capability and where it came from — it’s actually related to the Workforce Investment Act of 1998, a U.S. statute more commonly known as Section 508.)

In versions of Mac OS X before 10.9 Mavericks, “Enable access for assistive devices” was a system-wide setting located in the Accessibility pane (previously known as Universal Access) of System Preferences. It was highly obscure, particularly because most users never understood the connection between “assistive devices” and clever Mac utilities.

According to Shelly Brisbin, an accessibility expert and author of the forthcoming book “iOS Access for All,” the original goal of the “Enable access for assistive devices” option was to make it possible for special hardware devices to drive software that would in turn control the Mac’s interface. The device could, for instance, have a switch that would drop menus or click buttons.

For the most part, however, this accessibility feature instead ended up being used by mainstream utilities that need to control various aspects of the operating system and other applications like a puppet-master, clicking buttons and invoking commands behind the scenes. Such capabilities are normally prohibited to apps, and hooking into the accessibility system gave these utilities significantly more exposure into the underpinnings of Mac OS X.

That’s all fine, but Apple changed things in Mavericks, in two major ways. First, the feature has moved from working system-wide to a per-app basis, giving users more-granular control and better security, since malicious software can’t ride on the coattails of system-wide access, as some keyloggers used to. Second, because you’re basically granting permission to a piece of software to control your Mac, the interface for controlling this permission moved to the Security & Privacy pane of System Preferences, under Accessibility.

(In fact, Mavericks improves on the previous situation in another way too, with the introduction of the Switch Control options in the Accessibility preference pane — they allow the Mac to be controlled by one or more switches, such as from a gamepad or other assistive device. This YouTube video from Luis Perez explains more.)

Apps that need to control your computer appear in the Accessibility list in Security & Privacy after you launch them — you’ll start seeing new alerts directing you to this preference pane as utilities are updated for Mavericks. And in fact, because the permissions are now on a per-app basis, you’ll get a request from every app that needs permission — the previous blanket permission from selecting “Enable access for assistive devices” no longer applies.

To give such an app permission to control your Mac as necessary, click the lock icon, enter your administrator password, and then select the checkbox next to the app in question. If a utility that requires such accessibility permissions isn’t working as expected, it’s worth making sure it’s enabled in the Accessibility list.

(As a minor aside, clicking the lock to make changes is required for items in the Accessibility list and the Location Services list, but not for Contacts, Calendars, Reminders, Twitter, or Facebook, likely because the former two apply to all user accounts on the Mac, rather than just the current account. Nevertheless, it’s an example of atrocious interface on Apple’s part — why should the lock apply to some of these lists but not others?)

You’ll notice in the screenshot above that Skype and System Preferences are in the list, but I haven’t given them permission. That’s because I have no idea why they would need it, and it’s a bad idea to give such broad control to any application without knowing why it’s necessary. You might also wonder why the activity monitoring utility RescueTime is in the list; a release note says it helps RescueTime increase accuracy by correctly determining when you switch windows.

In the end, the changes in Mavericks are a good thing, but since the previous situation was nearly inscrutable and the accessibility system is still being used by mainstream utilities, users are bound to remain confused.

But now you know what’s going on, so help spread the word!

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About Enabling System-Controlling Utilities in Mavericks