Why isn't my app required to get permission for input monitoring?

Can anyone please help me with this? I'm unable to make a TSI for this issue as Apple doesn't allow them for beta software. And I'm stuck on 10.15 compatibility until this question is resolved.

Additionally:

If an application does require "input monitoring" permission, how does that app go about requesting that permission? I've found no indication of an API function for doing so.

I'm specifically wondering if there's a function for "input monitoring" that's analogous to Accessibility's AXIsProcessTrustedWithOptions, where the app can choose whether or not a dialog will be displayed to the user asking for permission, but either way the app will be added to the appropriate list in the Security & Privacy preference pane with its corresponding check box unchecked.

In macOS Mojave 10.14 and earlier, event taps using the Quartz Event Taps API were authorized in the "Accessibility" list in the Privacy tab of Security & Privacy preferences, the same as accessibility commands using the Accessibility API. That appears to still be true in macOS Catalina 10.15, at least through dev beta 8 released yesterday. My free EventTapsTestbench application <https://pfiddlesoft.com/eventtapstestbench> appears in the Accessibility list and it works fine.

The "Input Monitoring" list is new in Catalina, and it is not described in the Security & Privacy Help page. I have no idea whether it is meant eventually to take the place of the Accessibility list for this purpose. The "Automation" list, which has been around a while, is equally confusing, and its explanation in the Help page is not helpful to distinguish it from the "Accessibility" list. In Mojave, I find that the "Automation" list contains lots of applications and AppleScript applications (applets), but the "Accessibility" list contains a completely different list. My guess is that the "Input Monitoring" and "Automation" lists are for applications that use AppleScript internally, while the "Accessibility" list is for applications that use Accessibility and Quartz Event Taps API commands internally -- but it's just a guess.

Look at my free Accessibility Testbench application <https://pfiddlesoft.com/accessibilitytestbench> application for more information

Hello, thanks for the reply, and thanks even more for your Event Taps Testbench application! I use it frequently throughout my work and find it to be extremely useful.

I can help clarify the difference between "Accessibility" and "Automation" at least a bit. Accessibility is the permission an application needs to use Apple's Accessibility API in addition to posting events, and monitoring and filtering them with event taps. I think it's something of a misnomer now that event taps and event posting is mixed in with it, as neither of those APIs are actually part of Accessibility, though I imagine many accessibility applications make use of them. Apple's Accessibility API is documented here: https://developer.apple.com/documentation/applicationservices/axuielement_h

"Automation" is what's required for an application to be able to send Apple Events to another application. This is typically done with applets and scripts created using Script Editor but is of course also possible using various other APIs. Every time an application sends an apple event to an app it hasn't previously tried to automate before, it will trigger a new permissions modal dialog asking the user to approve that. Consequently, the "Automation" list in the Security & Privacy system preferences will list each application that has tried to send an apple event, and then nested under them will be each application that it tried to send the apple event to, with a check box for granting or revoking permission. And since AppleScript provides its own interface for using Accessibility features, it creates the rather unfortunate situation where some AppleScripts might need both the Automation and Accessibility permission in order to function. And "full disk access". And a slew of other permissions.

It's really quite a mess, especially given that this triggers numerous nagging modal dialogs. Most users will see those and find them to be frequent and irritating enough that they'll care more about getting rid of them than reading what they have to say, and consequently will click the approve button without considering what they're doing. It's Windows Vista's failed security model all over again. I'm not sure why the engineers at Apple thought this was a good idea.

Soapboxing aside, though, I'm still not sure what "Input Monitoring" is for. In at least one previous beta of 10.15, and I'm not sure which one (probably beta 4 or 5?), my app triggered a modal dialog requesting "input monitoring" permission when it attempted to create an event tap that listened for keystrokes, I think. I'm not 100% sure of that because I can't trigger it again. As you noted, in beta 7 and now in beta 8 creating keyboard event taps does not trigger a modal dialog asking for permission any longer.

I wish someone from Apple would step in and clear this up. It's very important for apps that must observe and filter keystrokes, and I worry that a future release of macOS, possibly even a bugfix update, will suddenly impose this security restriction again without warning, breaking our apps and annoying our users. Historically Apple has not been properly communicative about when these restrictions will be imposed, and how one is supposed to deal with them.

Update: I've tested my apps again in 10.15 beta 10, and now of the three apps I'm working on that create event taps which filter keystrokes, only one of them is required to get the input monitoring permission in order to create that event tap. The other two can create the event tap without asking for or receiving the input monitoring permission. This makes no sense! I can only assume that this bit of security is very buggy.

Could someone from Apple please come here and bring some clarity to this? I'm unable to prepare my apps for macOS 10.15 because I don't know how this is supposed to work!

• When you create an CGEventTap, you specify CGEventTapOptions (https://developer.apple.com/documentation/coregraphics/cgeventtapoptions) Specifying defaultTap triggers the Accessibility permission request, while specifying listenOnly triggers the Input Monitoring permission request.

• If the app already has the Accessibility permission, the app already has permission for Input Monitoring, so the Input Monitoring request doesn't come up

• If the app is granted the Input Monitoring Permission, AXIsProcessTrusted returns false. I found that if I request the Accessibility permission (with the input monitoring already enabled), the prompt doesn't come up.