usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 14:03:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

New privacy switches in macOS 15 are not managed by allowDiagnosticSubmission #80

New Issue
Closed
opened 2026-01-19 18:29:10 +00:00 by michael · 11 comments
michael commented 2026-01-19 18:29:10 +00:00
Owner
Copy Link

Originally created by @qupig on GitHub.

Originally assigned to: @robertgendler on GitHub.

Problem to solve

Two new data collection switches in macOS 15 (enabled by default):

  • Analytics & Improvements -> Improve Assistive Voice Features
  • Spotlight -> Improve Search

The restrictions key allowDiagnosticSubmission cannot cover the newly added switches, as shown in the screenshots:

Improve Assistive Voice Features
Spotlight Improve Search

Documentation

https://developer.apple.com/documentation/devicemanagement/restrictions

Links / references

https://support.apple.com/en-me/guide/mac-help/mchl54d95e8a/mac
https://www.apple.com/legal/privacy/data/en/improve-assistive-voice-features/

Originally created by @qupig on GitHub. Originally assigned to: @robertgendler on GitHub. ### Problem to solve Two new data collection switches in macOS 15 (enabled by default): - Analytics & Improvements -> Improve Assistive Voice Features - Spotlight -> Improve Search The restrictions key `allowDiagnosticSubmission` cannot cover the newly added switches, as shown in the screenshots: ![Improve Assistive Voice Features](https://github.com/user-attachments/assets/34420cd0-9c02-4e65-8bdb-456f325e0f5b) ![Spotlight Improve Search](https://github.com/user-attachments/assets/6ef18584-2b4d-4581-8df3-f109949e914d) ### Documentation https://developer.apple.com/documentation/devicemanagement/restrictions ### Links / references https://support.apple.com/en-me/guide/mac-help/mchl54d95e8a/mac https://www.apple.com/legal/privacy/data/en/improve-assistive-voice-features/
michael commented 2026-01-19 18:29:10 +00:00
Author
Owner
Copy Link

@qupig commented on GitHub:

Thanks, it's really disturbing to have these options hidden in different places and covered by subkeys in different corners.

There should be a clear primary key there that overrides any subsequently added sub-switches.

@robertgendler Anyway, thanks for your work and quick answer!

@qupig commented on GitHub: Thanks, it's really disturbing to have these options hidden in different places and covered by subkeys in different corners. There should be a clear primary key there that overrides any subsequently added sub-switches. @robertgendler Anyway, thanks for your work and quick answer!
michael commented 2026-01-19 18:29:10 +00:00
Author
Owner
Copy Link

@vaughnhart commented on GitHub:

This is a find! with a capital FIND! I wonder if these "features" bypass other restrictions with a nuisance. They're not exactly Siri, and Spotlight. I wonder what the underlying "linux" subsystem is?

@vaughnhart commented on GitHub: This is a find! with a capital FIND! I wonder if these "features" bypass other restrictions with a nuisance. They're not exactly Siri, and Spotlight. I wonder what the underlying "linux" subsystem is?
michael commented 2026-01-19 18:29:10 +00:00
Author
Owner
Copy Link

@vaughnhart commented on GitHub:

yeppers... private... I was more thinking about how spotlight was feeding from, if I remember correctly, lookup and another search database that could be controlled on the command line. I wondered if the same was for these two "options" as well.

@vaughnhart commented on GitHub: yeppers... private... I was more thinking about how spotlight was feeding from, if I remember correctly, lookup and another search database that could be controlled on the command line. I wondered if the same was for these two "options" as well.
michael commented 2026-01-19 18:29:10 +00:00
Author
Owner
Copy Link

@robertgendler commented on GitHub:

@vaughnhart there is no linux subsystem. It isn't linux. It isn't anywhere near linux. macOS is a unix and linux is not a unix.

@robertgendler commented on GitHub: @vaughnhart there is no linux subsystem. It isn't linux. It isn't anywhere near linux. macOS is a unix and linux is not a unix.
michael commented 2026-01-19 18:29:10 +00:00
Author
Owner
Copy Link

@robertgendler commented on GitHub:

I think we found those and added rules for them.
https://github.com/usnistgov/macos_security/blob/main/rules/system_settings/system_settings_improve_assistive_voice_disable.yaml

https://github.com/usnistgov/macos_security/blob/main/rules/system_settings/system_settings_improve_search_disable.yaml

@robertgendler commented on GitHub: I think we found those and added rules for them. https://github.com/usnistgov/macos_security/blob/main/rules/system_settings/system_settings_improve_assistive_voice_disable.yaml https://github.com/usnistgov/macos_security/blob/main/rules/system_settings/system_settings_improve_search_disable.yaml
michael commented 2026-01-19 18:29:10 +00:00
Author
Owner
Copy Link

@robertgendler commented on GitHub:

@JamminR That's expected when it's not a setting that Apple officially supports as being manageable. Nobody has programmed it to "lock". But if you re open system settings it's off.

@robertgendler commented on GitHub: @JamminR That's expected when it's not a setting that Apple officially supports as being manageable. Nobody has programmed it to "lock". But if you re open system settings it's off.
michael commented 2026-01-19 18:29:10 +00:00
Author
Owner
Copy Link

@JamminR commented on GitHub:

I think we found those and added rules for them. https://github.com/usnistgov/macos_security/blob/main/rules/system_settings/system_settings_improve_assistive_voice_disable.yaml

https://github.com/usnistgov/macos_security/blob/main/rules/system_settings/system_settings_improve_search_disable.yaml

Though my org using this setting for "improve assistive voice" shows setting as disabled, the setting is not greyed out and the slider can be moved to 'on' position but immediately moves back to off.
Is this a concern, or with the setting method it was disabled, is that 'normal' and it will always remain disabled even though not greyed out.
image

@JamminR commented on GitHub: > I think we found those and added rules for them. https://github.com/usnistgov/macos_security/blob/main/rules/system_settings/system_settings_improve_assistive_voice_disable.yaml > > https://github.com/usnistgov/macos_security/blob/main/rules/system_settings/system_settings_improve_search_disable.yaml Though my org using this setting for "improve assistive voice" shows setting as disabled, the setting is not greyed out and the slider can be moved to 'on' position but immediately moves back to off. Is this a concern, or with the setting method it was disabled, is that 'normal' and it will always remain disabled even though not greyed out. <img width="467" alt="image" src="https://github.com/user-attachments/assets/dc055ee6-b10d-495c-87c6-e907cfdc6bee" />
michael commented 2026-01-19 18:29:10 +00:00
Author
Owner
Copy Link

@qupig commented on GitHub:

A little extra thought, maybe we should also record the corresponding UI settings description text there, so that it is easier for people to find and confirm.

For example when I search for, there is nothing there:

https://github.com/search?q=repo%3Ausnistgov%2Fmacos_security%20Improve%20Assistive%20Voice%20Features&type=code

Unless I simplify the search terms:
https://github.com/search?q=repo%3Ausnistgov%2Fmacos_security+Assistive+Voice&type=code

@qupig commented on GitHub: A little extra thought, maybe we should also record the corresponding UI settings description text there, so that it is easier for people to find and confirm. For example when I search for, there is nothing there: https://github.com/search?q=repo%3Ausnistgov%2Fmacos_security%20Improve%20Assistive%20Voice%20Features&type=code Unless I simplify the search terms: https://github.com/search?q=repo%3Ausnistgov%2Fmacos_security+Assistive+Voice&type=code
michael commented 2026-01-19 18:29:10 +00:00
Author
Owner
Copy Link

@robertgendler commented on GitHub:

Good point! We'll try to remember to update the discussion and/or title a bit.

@robertgendler commented on GitHub: Good point! We'll try to remember to update the discussion and/or title a bit.
michael commented 2026-01-19 18:29:10 +00:00
Author
Owner
Copy Link

@JamminR commented on GitHub:

Thank you for the response. I'll stop looking for a solution to a non-problem, and will go back to occasional Apple managed device github settings review in hopes they add ability to lock it as they have the other settings.

@JamminR commented on GitHub: Thank you for the response. I'll stop looking for a solution to a non-problem, and will go back to occasional Apple managed device github settings review in hopes they add ability to lock it as they have the other settings.
michael commented 2026-01-19 18:29:10 +00:00
Author
Owner
Copy Link

@robertgendler commented on GitHub:

Better late than never. Merged some changes into sequoia branch to update the discussion language. Hopefully this helps. Closing out the issue.

@robertgendler commented on GitHub: Better late than never. Merged some changes into sequoia branch to update the discussion language. Hopefully this helps. Closing out the issue.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
michael
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: usnistgov/macos_security#80
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?