Jamf Nation Community

Jason · ‎04-07-2020

Once location services has been allowed, any app can request permission to get the systems location. I've been trying to use Composer to find out where those settings get stored but haven't had any luck. Does anyone know where that's set? I'd like to permit location for Microsoft Outlook, Weather, and "Time Zone & System Customization", but block it for everything else. I know there isn't a Configuration Profile for that. But perhaps there is a plist i can apply as a custom payload or manually set in some other way with a package.

Cayde-6 · ‎04-07-2020

Watching with interest, I raised an Apple feature request for this but it got rejected. “Users privacy” concerns even though they are corporate devices

psliequ · ‎04-07-2020

You can get a nice reading of which applications have been given location services access with an attribute like this;

#!/usr/bin/env zsh

echo "<result>$(defaults read /var/db/locationd/clients.plist | grep -B1 "Authorized = 1" | awk '{print $1}' | sed 's/"//g; s/Authorized//g; s/--//g; /^$/d')</result>"

you can then find users who haven't granted access to the application you're worried about and notify by them other means...

Jamf Nation Community

Control Location Services