Proctoring Software Architecture Explained
Proctoring software falls into three architectural families: native desktop apps (OnVUE, Examplify), browser-based extensions (Honorlock, Proctorio, Examus), and live-stream services (ProctorU, Examity). Each has different trust boundaries and different capture surfaces.
Native apps (OnVUE, Examplify, RPNow) install on Mac as user-space apps, take over the screen during exams, and capture via ScreenCaptureKit. Browser extensions (Honorlock, Proctorio) run inside Chrome and capture via getDisplayMedia (which calls into ScreenCaptureKit on Mac). Live-stream services (ProctorU Live+, Examity) use a Chrome extension or Guardian Browser plus WebRTC for the live human-proctor stream. All three architectures end up calling macOS' capture stack one way or another, and macOS enforces window privacy at that layer. So the overlay is invisible to all three.
Key points
- Native apps: take over OS, capture via SCK.
- Browser extensions: run in Chrome, capture via getDisplayMedia.
- Live-stream services: WebRTC + human proctor.
- All three call macOS capture stack underneath.
- macOS enforces window privacy regardless of architecture.
Common questions
Which architecture is hardest to evade?
For screen capture specifically, none - they all share the same OS-mediated capture path. Behavioral monitoring (eye tracking, audio) is independent and equally tough across all three.
Are kernel-level proctors a thing on Mac?
Some Windows proctors (Respondus Monitor on Windows) install kernel-level components. macOS does not allow third-party kernel extensions in System Integrity Protection; user-space is the limit.
Will Apple Intelligence integrations change this?
Apple Intelligence currently does not affect screen capture. If future versions do, we will reassess.