ModSwitchIME is designed with privacy and security as core principles. This document outlines our security measures and what data the application can access.
- Modifier key presses only (Command ⌘, Shift ⇧, Control ⌃, Option ⌥)
- Input method switching via macOS Text Input Source APIs
- User preferences stored locally in UserDefaults
- Regular keystrokes or typing content - The app only monitors modifier keys
- Clipboard contents - No clipboard access is requested or used
- Screen contents - No screen recording or capture
- Network communication - No network capabilities
- File system - No file system access except preferences
- Personal data - No collection of user data or telemetry
- Only requests Accessibility permission for modifier key detection
- Limited entitlements for input method functionality and system integration
- Event monitoring limited to
flagsChangedevents only - Read-only file access for user-selected files (system integration)
- No keylogging: Regular keystrokes are never captured
- Immediate data disposal: Event data is cleared from memory after processing
- No data persistence: No logs or records of key presses are stored
- Local processing only: All operations happen on your Mac
- Complete source code available for inspection
- Build instructions provided for self-compilation
- Regular security updates and community review
- Production builds: Signed with Developer ID certificate
- Development builds: Ad-hoc signed for local development
- Notarized by Apple for additional security verification (production only)
- Hardened Runtime enabled
ModSwitchIME requires Accessibility permission to monitor modifier key events. This permission allows the app to:
- Detect when modifier keys are pressed and released
- Distinguish between left and right modifier keys
- Measure key press duration for combination detection
You can revoke this permission at any time:
- Open System Settings
- Go to Privacy & Security → Accessibility
- Uncheck ModSwitchIME
-
Download from official sources only
- GitHub Releases: https://github.com/nissy/ModSwitchIME/releases
- Verify code signature:
codesign -dv --verbose=4 /Applications/ModSwitchIME.app - Production builds should show:
Authority=Developer ID Application: Yoshihiko Nishida (R7LKF73J2W)
-
Review permissions
- Only grant Accessibility permission
- No additional permissions should be requested
-
Monitor system resources
- CPU usage should be minimal (<0.1% when idle)
- Memory usage should be under 25MB
If you discover a security vulnerability, please report it responsibly:
- Do not create a public GitHub issue
- Email: [Contact repository owner via GitHub]
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Date: 2025-06-20
- Version: 1.0.0
- Changes:
- Confirmed flagsChanged-only event monitoring for enhanced privacy
- Verified immediate event data disposal implementation
- Enhanced user privacy notifications
- Updated security documentation with actual implementation details
- Verified minimal entitlements configuration
- Minimal permission model
- No network capabilities
- No file system access beyond preferences
- No data collection or telemetry
- Signed and notarized builds
- Open source for transparency
- Regular security updates
ModSwitchIME is designed to comply with:
- macOS privacy guidelines
- GDPR principles (no personal data collection)
- California Consumer Privacy Act (CCPA)
| Version | Date | Security Changes |
|---|---|---|
| 1.0.0 | 2025-06-20 | Enhanced privacy protections, removed keyDown monitoring |
This security policy is subject to updates. Please check the latest version in the repository.