Thanks for the bug report.

On newer versions of macOS (13+) KnockKnock uses "Background Managed Task" to enumerate such items:

On older versions of macOS, it's tough, as KnockKnock would have to scan the entire system for any app, and for each then check if they have an embedded login item.

thanks for the quick reply, my copy of KnockKnock does include that same Background Managed Tasks section but it's empty. Maybe a disclaimer could be included for older OSes.

I also saw that when I have Stats installed in the system /Applications folder it is listed in KnockKnock with Stats.app/Contents/Library/LoginItems/LaunchAtLogin.app launching. The weird thing is that even after I deleted ~/Library/Application Support/com.apple.backgroundtaskmanagementagent/backgrounditems.btm Stats still launched at login (but other apps including BlockBlock no longer launched at login). Does this mean that macOS scans every .app before login to look for a LoginItems folder inside the app bundle?

Also wouldn't this type of invisible to KnockKnock login item defeat the entire point of KnockKnock (and BlockBlock when it doesn't work), at least on systems before macOS 13? Malware could just be any app installed anywhere with a silent login item and it would never be seen except maybe in Activity Monitor

I recently read that you have Micro Snitch. I switched from Micro Snitch to OverSight for a few key reasons. Micro Snitch's last update was on September 13, 2023, as noted here (https://www.obdev.at/products/microsnitch/releasenotes.html), whereas OverSight was updated more recently on September 24, 2024 (https://github.com/objective-see/OverSight/releases/tag/v2.4.0)).

Here's a clear explanation of the major differences between the two tools:

1. Core Functionality:

   • Micro Snitch: Alerts users when the microphone or webcam is activated and logs these activities. However, it does not show which process is accessing these devices or allow users to block access.
   • OverSight: Goes a step further by not only alerting users but also identifying the specific process accessing the microphone or webcam. It also allows users to block or allow access, giving greater control over privacy.

2. Development and Updates:

   • Micro Snitch is a paid app and has less frequent updates.
   • OverSight is free, open-source, and actively maintained by Patrick Wardle, a former NSA hacker and renowned macOS security expert (learn more). His expertise ensures the app stays ahead of potential threats.

3. Features:

   • OverSight offers advanced features like identifying the exact process using your devices and the ability to block it, making it a powerful tool for safeguarding your privacy.
   • Micro Snitch lacks the ability to block processes or identify the source of access.

4. Cost:

   • Micro Snitch is a paid tool.
   • OverSight is completely free and open-source, fostering transparency and trust within the security community.

In conclusion, OverSight provides a more robust solution for monitoring and controlling mic and webcam access, making it an ideal choice for macOS users concerned about privacy. Plus, its active development and Patrick Wardle’s expertise add extra layers of trustworthiness and effectiveness.