How to see which app is using your microphone on Mac

Identifying which application is accessing the microphone on Mac has become much easier with recent macOS updates, yet it remains a critical skill for privacy-conscious professionals. Apple introduced visual indicators in the Menu Bar to alert you when recording hardware is active, but these dots do not always provide the full context of background processes. In my experience, rogue background tasks or poorly optimized browser extensions often keep the input stream open long after a video call ends. Whether you are troubleshooting a failed Zoom meeting or auditing your system security, knowing exactly which process has control of your hardware is essential. According to a report by Malwarebytes (2023), spyware that utilizes audio recording remains a persistent threat for enterprise users. Furthermore, a 2022 survey by Kaspersky indicated that 14 percent of users were concerned about unauthorized access to their webcams and microphones. This guide provides the exact steps to audit your audio permissions and regain control of your hardware.

What you’ll need

  • A Mac running macOS Monterey (12.0) or later for the most accurate visual indicators.
  • Administrator access to System Settings for modifying application permissions.
  • Familiarity with the Control Center icon in the Menu Bar.
  • Activity Monitor or a third-party security tool for advanced process tracking.

Key takeaway: Monitoring your microphone requires a combination of native macOS visual cues and deep-dive system settings.

Step-by-step

  1. Look at the top right corner of your screen for a small orange dot in the Menu Bar. This visual indicator signifies that your Mac's microphone is currently in use by at least one active process. In practice, this dot appears regardless of which application is responsible, serving as your first line of defense against unauthorized recording.
  2. Click on the Control Center icon, which looks like two horizontal sliders, located next to the date and time. This menu will display the name of the application currently using your audio input at the very top of the pane. Consequently, you can quickly identify if a browser tab or a specific communication tool like Slack is the culprit.
  3. Navigate to the Apple menu and select System Settings to view the list of apps that have permission to access your audio. Click on Privacy and Security in the sidebar and then select Microphone from the list of services. This list provides a comprehensive view of every installed application that has requested access in the past.
  4. Toggle off the switches for any applications that do not require audio input for their core functionality. From experience, many utility apps request these permissions during installation even if they never use them for legitimate tasks. Removing these permissions ensures that a background process cannot restart the audio stream without your knowledge.
  5. Launch the Activity Monitor application from your Utilities folder if the orange dot persists after you have closed all visible windows. Search for “coreaudiod” or the name of the app you identified in Step 2 to see its current CPU and memory usage. If a process appears to be hung or unresponsive, select it and click the “X” button at the top to force it to quit.
  6. For a deeper technical audit, open the Terminal and run a query to see which processes have an open file handle on the audio hardware. Type

    sudo lsof | grep AppleHDA

     to list the low-level system processes currently interacting with the high-definition audio driver. This step reveals hidden background daemons that might not show up in the standard macOS graphical interface.

  7. Install a dedicated security tool such as Oversight by Patrick Wardle or Objective-See’s LuLu to get persistent notifications. These tools notify you every time the microphone is activated, providing the process ID and the path to the executable. This is what most guides miss because built-in tools only show active use, whereas these tools catch the exact moment of activation.
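
The Terminal audit in step 6 prints one line per open file, which buries the process list in noise. The following added example (not part of the original article) collapses that output to one line per process and marks anything outside an expected baseline; the function names, the default baseline of coreaudiod and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): collapse lsof output into one
# line per process that holds a handle matching an audio-driver pattern, and
# mark every process outside an expected baseline for review.

# summarize_audio_handles [PATTERN] [BASELINE]
#   stdin    default-format lsof output: COMMAND PID USER FD TYPE ... NAME
#   stdout   "<status> <pid> <command> <user> <handle-count>", sorted by PID
#   PATTERN  substring to look for, default AppleHDA (the article's grep term)
#   BASELINE comma-separated commands treated as expected; the default of
#            coreaudiod is an assumption, adjust it to your own known-good list
summarize_audio_handles() {
  awk -v pat="${1:-AppleHDA}" -v base="${2:-coreaudiod}" '
    BEGIN { n = split(base, b, ","); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
    index($0, pat) == 0 { next }          # same filter as: grep PATTERN
    { pid = $2; cmd[pid] = $1; user[pid] = $3; count[pid]++ }
    END {
      for (pid in count) {
        verdict = (cmd[pid] in ok) ? "expected" : "REVIEW"
        printf "%s %s %s %s %d\n", verdict, pid, cmd[pid], user[pid], count[pid]
      }
    }' | sort -k2,2n
}

# Constructed sample shaped like `lsof +c 0` output. The process names, PIDs
# and paths are made up for illustration, not captured from a real Mac.
sample_lsof() {
  cat <<'EOF'
COMMAND     PID  USER         FD   TYPE DEVICE SIZE/OFF NODE NAME
coreaudiod  212  _coreaudiod  txt  REG  1,4    1024     101  /constructed/AppleHDA.kext/res-a
coreaudiod  212  _coreaudiod  12r  REG  1,4    2048     102  /constructed/AppleHDA.kext/res-b
helperd     977  alice        9r   REG  1,4    1024     101  /constructed/AppleHDA.kext/res-a
Finder      400  alice        cwd  DIR  1,4    640      2    /
EOF
}

sample_lsof | summarize_audio_handles
```

On a Mac, pipe live data in with `sudo lsof +c 0 | summarize_audio_handles`; the `+c 0` option stops lsof from truncating the COMMAND column to nine characters, which would otherwise turn coreaudiod into coreaudio and break the baseline match.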

Key takeaway: Following these steps moves you from passive observation to active management of your system audio hardware.

Common problems and fixes

The orange dot is visible but no app is listed

Sometimes the macOS Control Center fails to display the name of the process because the software is running as a system daemon rather than a user application. In addition, certain browser extensions can trigger the microphone without identifying the parent browser as the active user. To fix this, you should restart the “coreaudiod” process via Activity Monitor, which forces all current audio streams to disconnect and reset. This usually clears the indicator if the usage was a ghost process left over from a previous session.

Microphone stays active after closing a browser tab

Browser-based meeting tools like Google Meet or Microsoft Teams often fail to release the hardware lock even after you close the tab. This happens because the browser engine maintains the media stream until the entire application is quit or the cache is cleared. In my experience, the most effective fix is to use a site-specific browser or a separate profile for meetings. You can also manually revoke the site’s permission by clicking the lock icon in the address bar of Safari or Chrome.

Third-party audio drivers causing false positives

If you use virtual audio routing software like BlackHole or Loopback, you might see the microphone indicator stay on permanently. These tools create virtual input devices that macOS sometimes interprets as active recording sessions. However, these are generally benign and are simply standing by to route audio between applications. To resolve the confusion, you should check the “Input” tab in your Sound settings to ensure that the correct physical device is selected as the default.

Key takeaway: Most persistent microphone issues stem from orphaned processes or virtual drivers rather than actual malicious activity.

When this won’t work

The methods described here may fail if your Mac has a hardware-level fault or if you are using an older version of macOS that lacks the orange indicator dot. Furthermore, kernel-level rootkits can occasionally bypass user-space reporting tools, making them invisible to the Control Center or Activity Monitor. In cases where the hardware is compromised at a firmware level, particularly on older machines without the T2 Security Chip, software-based monitoring cannot provide a 100 percent guarantee of privacy. If you suspect such a deep compromise, a physical hardware disconnect or a clean reinstallation of the operating system is the only certain solution.

Key takeaway: Software tools have limitations against kernel-level threats or hardware malfunctions.

Managing the microphone on Mac is a fundamental part of maintaining a secure Apple ecosystem. While the built-in indicators provide a great starting point, a senior practitioner knows that the real control lies within the Privacy and Security settings and low-level process monitoring. By regularly auditing which apps have permission to listen, you significantly reduce your attack surface. According to data from Statista (2022), over 40 percent of remote workers express concern regarding their digital privacy while using company-issued hardware. Taking five minutes every month to review these settings is a high-leverage habit for any professional. Ultimately, the best defense is a combination of built-in macOS features and specialized tools like Oversight. Your next action should be to open your System Settings and prune any application permissions that you no longer use on a daily basis.
