{"id":47691,"date":"2025-05-12T14:38:49","date_gmt":"2025-05-12T18:38:49","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=47691"},"modified":"2026-03-30T13:59:58","modified_gmt":"2026-03-30T17:59:58","slug":"pasteboard-privacy-preview-in-macos-15-4","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2025\/05\/12\/pasteboard-privacy-preview-in-macos-15-4\/","title":{"rendered":"Pasteboard Privacy Preview in macOS 15.4"},"content":{"rendered":"<p><a href=\"https:\/\/developer.apple.com\/documentation\/updates\/appkit#macOS-pasteboard-privacy\">Apple<\/a> (via <a href=\"https:\/\/tech.lgbt\/@jnadeau\/114479076464726578\">Jeff Nadeau<\/a>):<\/p>\n<blockquote cite=\"https:\/\/developer.apple.com\/documentation\/updates\/appkit#macOS-pasteboard-privacy\"><p>Prepare your app for an upcoming feature in macOS that alerts a person using a device when your app programmatically reads the general pasteboard. The system shows the alert only if the pasteboard access wasn&rsquo;t a result of someone&rsquo;s input on a UI element that the system considers paste-related. This behavior is similar to how <a href=\"https:\/\/developer.apple.com\/documentation\/UIKit\/UIPasteboard\"><code>UIPasteboard<\/code><\/a> behaves in iOS. New <code>detect<\/code> methods in <a href=\"https:\/\/developer.apple.com\/documentation\/AppKit\/NSPasteboard\"><code>NSPasteboard<\/code><\/a> and <a href=\"https:\/\/developer.apple.com\/documentation\/AppKit\/NSPasteboardItem\"><code>NSPasteboardItem<\/code><\/a> make it possible for an app to examine the kinds of data on the pasteboard without actually reading them and showing the alert. <a href=\"https:\/\/developer.apple.com\/documentation\/AppKit\/NSPasteboard\"><code>NSPasteboard<\/code><\/a> also adds an <a href=\"https:\/\/developer.apple.com\/documentation\/AppKit\/NSPasteboard\/accessBehavior-86972\"><code>accessBehavior<\/code><\/a> property to determine if programmatic pasteboard access is always allowed, never allowed, or if it prompts an alert requesting permission. You can adopt these APIs ahead of the change, and set a user default to test the new behavior on your Mac. To do so, launch Terminal and enter the command <code>defaults write &lt;your_app_bundle_id&gt; EnablePasteboardPrivacyDeveloperPreview -bool yes<\/code> to enable the behavior for your app.<\/p><\/blockquote>\n\n<p>The Swift and Objective-C APIs are different.<\/p>\n\n<p><a href=\"https:\/\/mastodon.social\/@arroz\/114482298970120101\">Miguel Arroz<\/a>:<\/p>\n<blockquote cite=\"https:\/\/mastodon.social\/@arroz\/114482298970120101\">\n<p>Long ago when I was still at Apple I filed a radar suggesting something like this when I found out the Facebook iOS app would look into the pasteboard as soon as it was brought forward and suggest posting any URL the user might have there.<\/p>\n<p>This is incredibly hard to get right since there&rsquo;s no straightforward way for the OS to know if a paste op is legit.<\/p>\n<\/blockquote>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2025\/03\/31\/macos-15-4\/\">macOS 15.4<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2022\/10\/21\/ios-16-1-per-app-copy-and-paste-permissions\/\">iOS 16.1: Per-App Copy-and-Paste Permissions<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2022\/09\/19\/extra-ios-16-paste-prompts\/\">Extra iOS 16 Paste Prompts<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2020\/07\/14\/ios-14-pasteboard-notifications\/\">iOS 14 Pasteboard Notifications<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2020\/03\/17\/ios-apps-snooping-on-pasteboard-data\/\">iOS Apps Snooping on Pasteboard Data<\/a><\/li>\n<\/ul>\n\n<p id=\"pasteboard-privacy-preview-in-macos-15-4-update-2025-05-13\">Update (<a href=\"#pasteboard-privacy-preview-in-macos-15-4-update-2025-05-13\">2025-05-13<\/a>): See also: <a href=\"https:\/\/mjtsai.com\/blog\/2025\/05\/12\/pasteboard-privacy-preview-in-macos-15-4\/#comment-4259799\">additional details<\/a> about System Settings and <code>tccutil<\/code> and <a href=\"https:\/\/www.macrumors.com\/2025\/05\/12\/apple-mac-apps-clipboard-change\/\">MacRumors<\/a>.<\/p>\n\n<p id=\"pasteboard-privacy-preview-in-macos-15-4-update-2025-05-14\">Update (<a href=\"#pasteboard-privacy-preview-in-macos-15-4-update-2025-05-14\">2025-05-14<\/a>): <a href=\"https:\/\/eclecticlight.co\/2025\/05\/14\/what-has-apple-added-in-advance-of-macos-16\/\">Howard Oakley<\/a>:<\/p>\n<blockquote cite=\"https:\/\/eclecticlight.co\/2025\/05\/14\/what-has-apple-added-in-advance-of-macos-16\/\">\n<p>This appears complicated, and I expect may need simplification during beta-testing, or users could be baffled.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/lapcatsoftware.com\/articles\/2025\/5\/3.html\">Jeff Johnson<\/a> (<a href=\"https:\/\/mastodon.social\/@lapcatsoftware\/114506383799211658\">Mastodon<\/a>):<\/p>\n<blockquote cite=\"https:\/\/lapcatsoftware.com\/articles\/2025\/5\/3.html\"><p>First, the alert has no option to <em>always<\/em> allow paste. Second, the alert has no explanation of <em>why<\/em> the app is trying to access the pasteboard. Third, and most important, I don&rsquo;t want the first launch experience of my app to be a permissions request.<\/p><p>Thus, I&rsquo;m simply removing the feature from Link Unshortener that autofills a URL from the pasteboard. It&rsquo;s not an essential feature for the app, just a minor quality of life improvement. I&rsquo;m making the app a little worse to avoid the much worse permission prompt.<\/p><p>[&#8230;]<\/p><p>Perhaps at WWDC, Apple will announce a new <tt>Info.plist<\/tt> key for apps to specify a reason for pasteboard access to appear in the new alert. Other such keys already exist, such as those specifying the reason for location and microphone access.<\/p><\/blockquote>\n\n<p id=\"pasteboard-privacy-preview-in-macos-15-4-update-2025-05-16\">Update (<a href=\"#pasteboard-privacy-preview-in-macos-15-4-update-2025-05-16\">2025-05-16<\/a>): <a href=\"https:\/\/github.com\/feedback-assistant\/reports\/issues\/655#issuecomment-2886557194\">Apple<\/a> (via <a href=\"https:\/\/mjtsai.com\/blog\/2025\/05\/12\/pasteboard-privacy-preview-in-macos-15-4\/#comment-4260984\">Cesare Forelli<\/a>):<\/p>\n<blockquote cite=\"https:\/\/github.com\/feedback-assistant\/reports\/issues\/655#issuecomment-2886557194\"><p>Thank you for filing this feedback report. We reviewed your report and determined the behavior you experienced is currently functioning as intended.<\/p><p>The HI design for iOS (which we are following on macOS) states clearly that the dialog itself should NOT include a direct link to the System Settings pane where the &ldquo;always allow&rdquo; option exists.\nThe goal is to avoid making it too easy for apps to bypass the feature by getting users to grant &ldquo;always allow&rdquo; rights after fatiguing them sufficiently by showing excessive dialogs.<\/p><p>[&#8230;]<\/p><p>Instead, a proper &ldquo;onboarding&rdquo; flow should guide users to the corresponding System Settings pane under Privacy &amp; Security, so users are clearly aware that they are making a privacy-related and permanent change.<\/p><\/blockquote>\n<p>Security through obscurity.<\/p>\n\n<p id=\"pasteboard-privacy-preview-in-macos-15-4-update-2025-09-24\">Update (<a href=\"#pasteboard-privacy-preview-in-macos-15-4-update-2025-09-24\">2025-09-24<\/a>): <a href=\"https:\/\/bsky.app\/profile\/felixschwarz.bsky.social\/post\/3lyufyiyhxk2q\">Felix Schwarz<\/a>:<\/p>\n<blockquote cite=\"https:\/\/bsky.app\/profile\/felixschwarz.bsky.social\/post\/3lyufyiyhxk2q\"><p>When Apple announced Pasteboard Privacy in May, the assumption was that it&rsquo;ll arrive in the next major macOS release.<\/p><p>But AFAICS - unless you turn it on explicitly via defaults - it seems absent in the macOS 26.<\/p><\/blockquote>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2025\/09\/15\/macos-tahoe-26\/\">macOS Tahoe 26<\/a><\/li>\n<\/ul>\n\n<p id=\"pasteboard-privacy-preview-in-macos-15-4-update-2025-11-21\">Update (<a href=\"#pasteboard-privacy-preview-in-macos-15-4-update-2025-11-21\">2025-11-21<\/a>): <a href=\"https:\/\/mas.to\/@avidrissman\/115588531318987111\">Avi Drissman<\/a>:<\/p>\n<blockquote cite=\"https:\/\/mas.to\/@avidrissman\/115588531318987111\">\n<p>This weirdness about the popup button causing an inconsistency is due to my enabling the Pasteboard Privacy preview in the global domain.<\/p>\n<\/blockquote>\n\n<p id=\"pasteboard-privacy-preview-in-macos-15-4-update-2026-03-30\">Update (<a href=\"#pasteboard-privacy-preview-in-macos-15-4-update-2026-03-30\">2026-03-30<\/a>): <a href=\"https:\/\/mastodon.social\/@_inside\/116285733111262102\">Gui Rambo<\/a>:<\/p>\n<blockquote cite=\"https:\/\/mastodon.social\/@_inside\/116285733111262102\">\n<p>Fun fact: the &ldquo;EnablePasteboardPrivacyDeveloperPreview&rdquo; defaults flag on macOS doesn&rsquo;t just enable confirmation for accessing the clipboard, it moves the responsibility for an app&rsquo;s main menu from the app&rsquo;s own process into a separate system process (TrustedUIService). This means that the contents of the menus have to be serialized to be sent over XPC to that system process, breaking things such as custom SF Symbols in menu icons. I guess that&rsquo;s part of why it&rsquo;s still just a developer preview.<\/p>\n<\/blockquote>\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2025\/12\/10\/icons-in-menus-everywhere\/\">Icons in Menus Everywhere<\/a><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Apple (via Jeff Nadeau): Prepare your app for an upcoming feature in macOS that alerts a person using a device when your app programmatically reads the general pasteboard. The system shows the alert only if the pasteboard access wasn&rsquo;t a result of someone&rsquo;s input on a UI element that the system considers paste-related. This behavior [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2025-05-12T18:38:51Z","apple_news_api_id":"e1293da1-4a63-4b51-be40-ffd74b666fd9","apple_news_api_modified_at":"2026-03-30T18:00:03Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAACA==","apple_news_api_share_url":"https:\/\/apple.news\/A4Sk9oUpjS1G-QP_XS2Zv2Q","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[4],"tags":[649,2238,30,2598,54,1670,355,71,901],"class_list":["post-47691","post","type-post","status-publish","format-standard","hentry","category-programming-category","tag-esoteric-preferences","tag-link-unshortener","tag-mac","tag-macos-15-sequoia","tag-objective-c","tag-pasteboard","tag-privacy","tag-programming","tag-swift-programming-language"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/47691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=47691"}],"version-history":[{"count":10,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/47691\/revisions"}],"predecessor-version":[{"id":51424,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/47691\/revisions\/51424"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=47691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=47691"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=47691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}