What Does "Screen Capture Proof" Mean on macOS?
"Screen capture proof" on macOS describes a window that the operating system hides from every capture API: screenshots (Cmd-Shift-3), screen recording (Cmd-Shift-5), screen sharing (Zoom, Meet), proctor apps (Honorlock, Proctorio), and the system-level capture services that everything else funnels through.
macOS maintains a property on each window called "sharing type". Apps that handle sensitive data (1Password, Apple's own login screen) set it to "none", which signals the compositor to omit those windows from capture. macOS' ScreenCaptureKit, getDisplayMedia (for browser screen-share), CGWindowListCreateImage (used by old screenshot tools and some proctor apps), and AVCaptureScreenInput all consult this flag and filter accordingly. The result: the window is rendered to your eyes by the GPU but missing from any captured frame. LDBypass uses this mechanism for its overlay.
Key points
- Property: per-window "sharing type" flag.
- When set to "none": OS filters window out of all capture results.
- Honored by: ScreenCaptureKit, getDisplayMedia, CGWindowList, AVCaptureScreenInput.
- Used by 1Password, Apple Keychain login fields, LDBypass overlay.
- macOS 14 + 15.0-15.3 honor it; 15.4 changed semantics for some clients.
Common questions
Is this a hack or a documented feature?
Documented. Apple ships the mechanism for sensitive UI. We use it for the overlay, but the same flag is in standard system code.
What changed in macOS 15.4?
A specific entitlement gives certain capture clients the ability to see flagged windows. The implication for proctor compatibility is still being assessed; we recommend staying on 14 or 15.0-15.3.
Can a third-party app force-bypass the privacy flag?
Without root and a kernel hook, no. macOS' compositor enforces the filter.