Trust

Overview
Trust.app enables the Accessibility API (AX API) only for user specified applications.

Remember that checkbox in the System Preferences (the Universal Access pane) called "Enable access for assistive devices?"
If you enable it, any application will have access to the AX API, and vise versa: If you disable it, no application will be able to use the AX API functions.
Among the AX API functions are capturing of text under the mouse pointer, capturing of keystrokes, etc.
Theoretically, when enabled, this global option decreases your Mac's stability and robustness and creates a security hole accessible by key loggers, trojans, etc.
Although it's not as bad as it may sound, you would probably agree that it is better to err on the safe side.

What applications may need the AX API?
- Various helper programs for people with disabilities
- Applications for saving/displaying keystrokes when recording screencasts, etc. (screen capture applications)
- Applications for recording keystrokes for further reproduction (automation utilities)
- Dictionary applications that are able to capture text under the mouse pointer for quick translation...
What do we have to offer?
Don't enable this global option, use Trust.app instead to give access to the AX API only to your trusted applications.
To be able to access the AX API, newly added applications have to be restarted.
All your "trust settings" are saved between Mac OS X restarts.
If an application you have added to your trusted list crashes on start (in Mac OS X 10.5 or later, see section 2 below), just remove it from the list, contact its developer with the link to this page.
Known Issues
1. For your favorite applications to "understand" that they actually have access to the AX API and not to ask you to enable the global access for assistive devices in the System Preferences, their developers should make a little amendment to their source code. Such an amendment is a matter of seconds, so it won't be hard for a developer to implement the Trust.app support.
2. The second issue is applicable only to Mac OS X Leopard users. In Leopard, some applications marked as trusted may crash right after the start.
  The problem is that Apple has enhanced trusted application security in Leopard so that, if such an application contains its own frameworks, the operating system may consider it as a security threat. Fortunately, this problem can be easily solved by the developer of such an application.
We believe that the list of applications supporting Trust.app accessibility control would grow quickly.
However, we don't ask you to reinvent the wheel, we just recommend adding slight changes to your existing applications to make the trust function available since Mac OS X 10.4 work more efficiently, and leave users to decide, whether they would follow our recommendations and use a dedicated list of trusted applications, or would they decrease their system's robustness by enabling a single global option.
You are the one to choose.

To implement the AX API accessibility checking (and resolve the 1st issue):

Additionally to AXAPIEnabled(), you should also check AXIsProcessTrusted(),

That is, if your source code used to look like this:

if (!AXAPIEnabled())// global option disabled?
{
	// offer opening the Universal Access preference pane
	int ret = NSRunAlertPanel (@"Accessibility API",
		@"This feature requires that the Accessibility API be enabled.\nWould you like me to launch System Preferences so that you can turn on \"Enable access for assistive devices\"?", 
		@"OK", @"Cancel",nil);
	if (ret == NSAlertDefaultReturn)
		[[NSWorkspace sharedWorkspace] openFile:
			@"/System/Library/PreferencePanes/UniversalAccessPref.prefPane"];
}

To implement Trust.app support, the above source code should look like this:

if (
	!AXAPIEnabled()// global option disabled
	&& // and
	!AXIsProcessTrusted()// process is not trusted
	)
{
	// offer opening the Universal Access preference pane
	int ret = NSRunAlertPanel (@"Accessibility API",
		@"This feature requires that the Accessibility API be enabled...", 
		@"OK", @"Cancel",nil);
	if (ret == NSAlertDefaultReturn)
		[[NSWorkspace sharedWorkspace] openFile:
			@"/System/Library/PreferencePanes/UniversalAccessPref.prefPane"];
}

This means that trusted processes automatically gain access to the AX API, even if the global accessibility option is disabled.
We also offer using our single function TrustIsEnabled() instead of relying on returned values of functions AXAPIEnabled and AXIsProcessTrusted (source code files are available below.)

if (!TrustIsEnabled())// no trust?
{
	// offer opening the Universal Access preference pane
	int ret = NSRunAlertPanel (@"Accessibility API",
		@"This feature requires that the Accessibility API be enabled...", 
		@"OK", @"Cancel",nil);
	if (ret == NSAlertDefaultReturn)
		[[NSWorkspace sharedWorkspace] openFile:
			@"/System/Library/PreferencePanes/UniversalAccessPref.prefPane"];
}

To resolve the second issue (security in 10.5), you have to mark your bundle containing internal frameworks (which are linked using @executable_path and usually added during an additional Copy Files phase) as 'Weak'; (Xcode / Project Tree / Targets / Our Target Name / Link Binary With Libraries - the Role column for internal frameworks: Change the value from Required to Weak), and preload those frameworks in the main() function (usually in the main.m file) before giving control to the NSApplicationMain function.
External frameworks available from /System/Library/Frameworks, /Library/Frameworks, etc., won't require any changes.

The code of your main() function could look like this:

int main(int argc, char *argv[])
{
	NSAutoreleasePool * arp = [NSAutoreleasePool new];
  
	NSString * selfPath = [NSString stringWithUTF8String:argv[0]];
	NSString * frameworks = 
		[[[selfPath stringByDeletingLastPathComponent] 
			stringByDeletingLastPathComponent] 
				stringByAppendingPathComponent:@"Frameworks"];
			
	[[NSBundle bundleWithPath:
		[frameworks stringByAppendingPathComponent:
			@"Growl.framework"]] load];

	[[NSBundle bundleWithPath:
		[frameworks stringByAppendingPathComponent:
			@"Submarine.framework"]] load];
  
	[arp drain];
	
	return NSApplicationMain(argc,  (const char **) argv);  
}

For convenience, we offer loading frameworks using the TrustLoadFramework function. In such case your code would look like this:

int main(int argc, char *argv[])
{
	TrustLoadFramework(@"Growl.framework");
	TrustLoadFramework(@"Submarine.framework");
  
	return NSApplicationMain(argc,  (const char **) argv);  
}

There's an issue regarding automatic software updates:

The problem is that the AX API trust system is pretty "apprehensive", and in case of an executable file modification, it stops trusting it.
However, you can easily override this behavior by calling the TrustUpdate() function in the beginning of the main() function:

int main(int argc, char *argv[])
{
	TrustUpdate();
	
	TrustLoadFramework(@"Growl.framework");
	TrustLoadFramework(@"Submarine.framework");

	TrustLoadFrameworkFromFolder(@"MyPrivate.framework",
		@"MyPrivateFrameworks");
			
	if (TrustIsEnabled())
		NSLog(@"I'm trusted Application!");
  
	return NSApplicationMain(argc,  (const char **) argv);  
}

TrustUpdate performs a check, then it securely asks the Trust module to raise your trust level, and restarts the application, if the operation was successful.

Download TrustAddons source code containing the above functions

Trust Compatible Applications

Click the header to see the list

Trust for Tiger

Language:		English
Version:		1.2 (21 July 2009)
Size:		81 Kb
Requirements:		Mac OS X 10.4 or later
License:		Freeware

Download Trust

Trust for Leopard

Language:		English
Version:		2.0.0 (23 September 2009)
Size:		500 Kb
Requirements:		Mac OS X 10.5 or later
License:		Freeware

Download Trust

Click to write an e-mail with your suggestions to our Support Service.