Managing access to location information
Macs and almost all devices assemble information about their location from local Wi-Fi networks, GPS systems (not Macs), and other sources. Access to location information in macOS is controlled in Privacy & Security settings, but unlike most of the items listed there it isn’t managed the same using TCC, but by its own service locationd in Location Services.
Tracking
In addition to those, Safari and other browsers include their own controls over tracking and location. In Safari, these are gathered in the Privacy section of its Settings, and the Location item in Websites. If you subscribe to iCloud+, you can access Private Relay in the iCloud+ section in your Apple Account.
Sharing and Find My…
Location Services are unique in that, when enabled, location data are invariably shared in iCloud, a feature you can’t control in iCloud settings. The only way to stop the sharing of locations across your iCloud-connected devices is to turn the whole service off, which is also true for iOS and iPadOS devices. Although it might seem tempting to disable Location Services altogether, that improved privacy comes at the cost of some valuable services: in particular, Find My… and Activation Lock, and many system services and apps also need Location Services to be enabled.
Settings
Location Services is the most complex of all the sections in Privacy & Security settings, and nests many of its controls deeply. This was inherited from the days of System Preferences, and hasn’t yet been redesigned to take advantage of System Settings. Above its last item, System Services, is a list of those apps over which you have direct control of their access to location data, although they can only be enabled or disabled and not removed from the list, neither can you add other apps.
Unusually, the About Location Services & Privacy button opens a window containing a mixture of help and privacy information, which is worth reading to give you better insight into what’s managed and how data is shared. It points out one important message: by giving a third-party app access to your location, that app’s vendor is in control of your location data in accordance with their terms and privacy policies, not those of Apple. If your location data is sensitive, then you shouldn’t give third-party apps access to it unless you’re confident they will protect it appropriately.
Further important controls are revealed in another window when you click on the Details… button for System Services. This lists some of the purposes for which macOS uses location data, giving you fine control over them.
The final layer in this onion is revealed when you click on the Details… button next to Significant Locations: a listing of all those locations that macOS considers to be ‘significant’. On a static Mac with mobile iOS devices, those are largely based on location data gathered from those, and are mirrored in similar lists on each device.
If you’ve never inspected these Significant Locations, you may be surprised at how much detail they contain: exact location, shown on a local street map, with time periods, over the last few months. It might be possible to reconstruct a lot of your life and activities from them. This window allows you to clear its history, in case you don’t want anyone to know where you’ve been.
Internals
Behind these is the system service locationd and its database locked away in /var/db/locationd. The official description of locationd is that it obtains geographic location data and manages access to it. When you’re prompted to give access to location data, that’s the CoreLocationAgent in action on its behalf. Apps that can ask for location data from Location Services should have the com.apple.security.personal-information.location entitlement and provide NSLocationUsageDescription information, something you can check using Apparency.
The /var/db/locationd directory contains one file that’s simple to read and holds important information, clients.plist, and various opaque data files. A sub-directory /Library has a surprising collection of scripts and cached data.
clients.plist is a standard Property List containing a dictionary of all the apps and other software that could access Location Services data. Those that are currently granted access contain the key Authorized set to <true>. In general, these should match apps and other items in the Location Services list in Privacy & Security settings, although that doesn’t apply to public or private frameworks that are included. There’s also a flag available for the key Hide suggesting that some apps or services can be given access to locations but won’t be displayed in Location Services settings.
While other privacy protections can be managed by the tccutil command tool, there’s no equivalent for Location Services. Besides, clearing its database would affect a lot of system services, including Find My… and Activation Lock, with their wider security implications.
Because of the reliance of Location Services on hardware and network features, they don’t function in Virtual Machines running on Apple silicon Macs, even though you can opt to ‘enable’ them.
Summary
Geographic location data is derived from Wi-Fi networks and other sources, and delivered in Location Services.
Although controls are included in Privacy & Security settings, they work differently from others, using the locationd service rather than TCC.
Location Services are required for Find My…, Activation Lock and other macOS apps and services.
By giving a third-party app access to your location, that app’s vendor is in control of your location data in accordance with their terms and privacy policies, not Apple’s.
Significant Locations can give a detailed history of your movements.
There’s no command tool to manage Location Services.
