LockDown Browser Full Disk Access on Mac - When and Why
What Full Disk Access actually grants
Apple's Full Disk Access (FDA) permission lifts the macOS privacy protections (TCC, Transparency, Consent, and Control) that otherwise block apps from reading these locations:
- Mail (~/Library/Mail/) - every email message.
- Messages (~/Library/Messages/) - every iMessage and SMS.
- Safari history (~/Library/Safari/) - full browsing history.
- Photos library - every photo and video.
- Time Machine backups.
- The user's home directory in its entirety.
- System logs and diagnostic reports.
- Anywhere on the file system not protected by per-app sandboxing.
This is a much broader grant than Camera or Microphone. An app with FDA can read your entire digital life on the Mac.
When LDB asks for FDA
LockDown Browser (LDB) requests FDA only in specific institutional configurations - typically professional certification programs or law schools using LDB for high-stakes assessments where the Dashboard config explicitly enables "Verify absence of forbidden files". The check itself looks for specific files that violate the academic-integrity policy (cached answer keys, pre-written essays, etc.).
Most undergraduate and standard graduate course exams do not require FDA. If LDB asks for it, your specific course is in a small minority.
What LDB does (and does not) do with FDA
From observed behaviour during the LDBypass test fleet reproductions:
- What it does: Scans for specific filenames matching the institution's forbidden-file list before launching the exam. The list is institution-configured and could include things like "exam_notes.pdf" or specific cached answer-key filenames.
- What it does not do (per observation): Read email, messages, photos, browser history. The scan is filename-based, not content-based.
- What it could do (per the permission): Anything in the FDA scope. The gap between observed and possible behaviour comes down to trust in Respondus's own controls.
Granting FDA - procedure
- System Settings → Privacy & Security → Full Disk Access.
- Click the (+) plus button.
- Navigate to /Applications and select LockDown Browser.app.
- Authenticate with admin password.
- Toggle on. Quit and relaunch LDB.
If you're uncomfortable granting FDA
Reasonable options:
- Email your instructor. Ask whether the FDA requirement can be relaxed (some Dashboard configs default to FDA but the instructor doesn't actually need it).
- Take the exam on a borrowed Mac. Use a Mac that does not contain your personal data. Granting FDA on a "clean" Mac limits the exposure.
- Take the exam in person. Most institutions allow alternative testing arrangements when documented privacy concerns exist.
- Document the concern in writing to your instructor and academic advisor. Universities usually have a path through the dean of students for FDA-grade objections.
Revoking FDA after the exam
Critical: revoke FDA immediately after the exam ends. LDB does not need it between exams.
- System Settings → Privacy & Security → Full Disk Access.
- Toggle LockDown Browser off, or click (-) to remove entirely.
- The next exam that requires it will prompt for the permission again.
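To confirm the revocation took effect, the grant can be checked in the system TCC database, where macOS records Full Disk Access decisions. The script below is an added example, not code from Respondus or from the original page. It assumes the macOS 11+ `access` table layout (falling back to the older `allowed` column), and the name fragment `lockdown` is an assumed match for the app's identifier, not a known bundle ID.

```python
import sqlite3
import sys
from pathlib import Path

# System-wide TCC database; Full Disk Access grants are recorded here.
SYSTEM_TCC_DB = "/Library/Application Support/com.apple.TCC/TCC.db"
FDA_SERVICE = "kTCCServiceSystemPolicyAllFiles"
AUTH_STATES = {0: "denied", 1: "unknown", 2: "allowed", 3: "limited"}


def fda_entries(db_path=SYSTEM_TCC_DB):
    """Return [(client, state)] for every Full Disk Access row in a TCC database."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"  # read-only: never modify TCC
    conn = sqlite3.connect(uri, uri=True)
    try:
        columns = {row[1] for row in conn.execute("PRAGMA table_info(access)")}
        # macOS 11+ stores the decision in auth_value; older releases used allowed (0/1).
        if "auth_value" in columns:
            rows = conn.execute(
                "SELECT client, auth_value FROM access WHERE service = ?", (FDA_SERVICE,))
            return [(c, AUTH_STATES.get(v, f"state {v}")) for c, v in rows]
        rows = conn.execute(
            "SELECT client, allowed FROM access WHERE service = ?", (FDA_SERVICE,))
        return [(c, "allowed" if v else "denied") for c, v in rows]
    finally:
        conn.close()


def still_granted(entries, name_fragment):
    """Clients whose identifier contains name_fragment and that still hold FDA."""
    frag = name_fragment.lower()
    return [c for c, state in entries if state == "allowed" and frag in c.lower()]


if __name__ == "__main__":
    # "lockdown" is an assumed fragment of the app's bundle ID or path (hypothetical).
    fragment = sys.argv[1] if len(sys.argv) > 1 else "lockdown"
    try:
        entries = fda_entries()
    except sqlite3.Error as exc:
        sys.exit(f"Cannot read {SYSTEM_TCC_DB}: {exc} (the terminal itself needs FDA)")
    for client, state in entries:
        print(f"{state:8} {client}")
    leftover = still_granted(entries, fragment)
    sys.exit(f"Still granted: {', '.join(leftover)}" if leftover else 0)
```

The database is itself TCC-protected, so the terminal running the script needs Full Disk Access to read it. The script exits non-zero if a matching client is still listed as allowed.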
Frequently asked questions
Is FDA the same as Accessibility?
No. Accessibility = monitor keystrokes, send synthetic events, read UI of other apps. FDA = read protected file system locations. They're separate permissions; some institutions require both.
Will Respondus see my email if I grant FDA?
In principle, yes - the permission allows reading ~/Library/Mail. In observed behaviour, LDB scans for specific filenames, not content. The risk is the gap between observed behaviour and what the permission technically allows.
Why does my course require FDA when classmates' courses don't?
Each course has its own Respondus Dashboard configuration. Your instructor or department enabled the "verify forbidden files" feature; the default is off.