What Does LockDown Browser Actually See on Your Mac? (2026 Audit)
What LDB sees (alone, no Monitor)
With Respondus Monitor disabled, LDB is purely a kiosk-mode wrapper around the exam interface. It accesses:
- Active exam window content - required to render the exam; this is the same data Safari would have if the exam ran in a normal tab.
- Running-process list - enumerated via `NSWorkspace.runningApplications` + `sysctl kern.proc`. Used for blacklist enforcement (closing screen-share daemons, etc.). LDB sees process names and PIDs; not the contents of those processes.
- System identifiers - hostname, macOS version, hardware UUID, default browser, install language. Standard system telemetry, sent to Respondus once per session.
- Network endpoints - LDB connects to `*.respondus.com` for configuration + telemetry, and to your LMS's endpoints for the exam itself.
- Periodic screen captures - kiosk-mode enforcement reads the screen at intervals to detect window-switching attempts. These captures are not retained or uploaded by LDB alone - only by Monitor.
What Respondus Monitor adds
When Monitor is enabled (instructor-controlled flag in the Respondus Dashboard):
- Webcam stream - captured continuously during the exam, encoded, uploaded to Respondus.
- Microphone audio - captured continuously, encoded, uploaded.
- Periodic screen captures - same as kiosk mode but uploaded for instructor review.
- Pre-exam ID photo - single photo of you holding student ID.
- Environment scan video - short video of you panning the camera around your room.
What LDB does NOT see
Documented (per Respondus's privacy policy + observed on the LDBypass test fleet):
- Documents folder - not accessible without Full Disk Access (rarely requested).
- iCloud Drive contents - same.
- Time Machine backups - same.
- Safari history, autofill, passwords - not accessible without Full Disk Access.
- Other apps' open documents - sandboxing blocks cross-app reads.
- Mail, Messages, Photos - protected by TCC; LDB does not request access.
- Keychain, certificates, biometric data - outside LDB's sandbox.
- Files outside the exam window during recording - Monitor records what is visible on screen, not the file system. If Word is open in the background, the recording shows the Word window if it's on screen, but LDB does not read Word's in-memory document or saved file.
Capability vs. behavior - the gap
Some permissions LDB requests grant capabilities broader than what LDB actually uses:
- Screen Recording permission grants the ability to record any screen content, in any window. LDB's observed behavior: records frames of the screen for kiosk-mode + Monitor; does not target other windows specifically.
- Camera permission grants ongoing access to the camera. LDB's behavior: only acquires when Monitor is active.
- Accessibility permission (rare) grants keystroke monitoring + synthetic event injection. LDB's behavior: detects kiosk-escape keystrokes; does not log all input.
- Full Disk Access (rare) grants reading protected file system locations. LDB's behavior (in institutional configs that require it): scans for specific filenames; does not read content.
The discrepancy between capability (what the permission allows) and behavior (what LDB does with it) is a matter of trust in Respondus's controls. Their privacy policy commits to the narrower behavior; observable behavior matches.
How to verify yourself on Mac
- Network endpoints: `nettop -p $(pgrep "LockDown Browser")` during the exam (run before the exam to set up logging; LDB blocks Terminal during exam itself).
- File system reads: `sudo fs_usage -w -f filesys "LockDown Browser"` shows every file LDB touches (`fs_usage` must run as root).
- Screen Recording active: orange dot in macOS menu bar when LDB is recording.
- Webcam / microphone active: green camera icon + orange microphone icon in menu bar when Monitor is recording.
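To check the "does NOT see" list against a saved `fs_usage` log, the following added example (not part of the original audit or any Respondus tooling) flags file-system calls that touch the protected locations. The function names, the assumed column layout and the sample lines are constructed for illustration; the home-relative paths are the standard macOS locations for each category.

```python
import re
from collections import Counter

# Standard macOS locations for the categories the page lists under
# "What LDB does NOT see" (paths relative to the user's home directory).
PROTECTED = {
    "Documents": "Documents/",
    "iCloud Drive": "Library/Mobile Documents/",
    "Safari data": "Library/Safari/",
    "Mail": "Library/Mail/",
    "Messages": "Library/Messages/",
    "Photos": "Pictures/Photos Library.photoslibrary/",
    "Keychain": "Library/Keychains/",
}

# Assumption: each fs_usage line carries at most one absolute path, and the
# elapsed-time column (digits.digits) follows it after two or more spaces.
PATH_RE = re.compile(r"(/Users/[^/\s]+/.+?)\s{2,}\d+\.\d+")

def classify(line):
    """Return (category, path) if the line touches a protected location."""
    m = PATH_RE.search(line)
    if not m:
        return None
    path = m.group(1)
    rel = path.split("/", 3)[3]  # strip the leading "/Users/<name>/"
    for category, prefix in PROTECTED.items():
        if rel.startswith(prefix) or rel + "/" == prefix:
            return category, path
    return None

def audit(log_text):
    """Count protected-location accesses per category in an fs_usage log."""
    hits = [h for h in map(classify, log_text.splitlines()) if h]
    return Counter(cat for cat, _ in hits), [p for _, p in hits]

# Constructed sample lines in an fs_usage -w style layout (not captured from LDB).
SAMPLE = """\
10:02:11.104233  open    F=12  (R_____)  /Users/sam/Library/Caches/com.example.ldb/cfg.plist    0.000031   LockDown Browser.48211
10:02:11.104910  stat64            /Users/sam/Documents/notes draft.docx    0.000009   LockDown Browser.48211
10:02:11.230001  open    F=14  (R_____)  /Applications/LockDown Browser.app/Contents/Info.plist    0.000020   LockDown Browser.48211
10:02:12.000417  lstat64           /Users/sam/Library/Safari/History.db    0.000007   LockDown Browser.48211
"""

if __name__ == "__main__":
    counts, paths = audit(SAMPLE)
    for cat, n in counts.items():
        print(f"{cat}: {n}")
```

A `stat64` or `lstat64` hit means a name or metadata lookup rather than a content read, which is the distinction the page draws for filename-based scanning; `open` followed by reads on the same path would be the case to look at more closely.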
What changes by macOS version
The TCC permission model has tightened over Big Sur → Monterey → Ventura → Sonoma → Sequoia. Each release added more granular controls. LDB's requested permissions have not changed; what's changed is the user's ability to see and revoke them. Sequoia 15.3+ specifically added the 30-day Screen Recording re-confirmation that visibly surfaces the permission grant.
Frequently asked questions
Can LDB read what I'm typing in another app?
Without Accessibility permission (rare), no. With Accessibility permission, technically yes - but LDB's observed behavior is to detect kiosk-escape keystrokes only, not log all input. Verify by reviewing your TCC permissions in System Settings → Privacy & Security.
Does Monitor see my entire screen or just the exam window?
Monitor records what's visibly on screen - including any window not explicitly hidden. If you have Slack open in the background, Slack appears in the recording. The recording is screen-frame-based, not file system-based.
Can LDB read my exam answers if my LMS gets compromised?
LDB displays your answers as you type; if Respondus servers were compromised, the recording (which shows the screen including your answers) would be exposed. This is a generic SaaS-data risk, not specific to LDB. No public breach is documented.
I've heard LDB scans my entire hard drive - is that true?
No, unless your specific institutional configuration requires Full Disk Access (rare). Even with FDA, observed behavior is filename-based scanning for specific forbidden files, not content reading.