macOS privilege that lets an app read files outside its normal sandboxed reach
Full Disk Access is a macOS privacy privilege that grants an application read access to protected user data — Mail, Messages, Safari, Time Machine volumes, and other users’ home folders — that the default sandbox keeps walled off.
Since macOS Mojave, Apple has enforced a system called TCC (Transparency, Consent, and Control) that blocks apps from reading a growing list of “protected” locations without explicit user consent. For most apps that’s a prompt to access Photos or Contacts. A few categories — privacy-sensitive folders like ~/Library/Mail/, ~/Library/Messages/, Safari history, and anything under /Library/Application Support/MobileSync/ — cannot be granted per-prompt at all; they require the user to open System Settings, navigate to Privacy & Security, Full Disk Access, and flip the app’s toggle manually.
Backup software needs FDA for a simple reason: if the tool can’t read a file, it can’t back it up. Without FDA, your Mail database, iMessage history, browser data, and any file owned by another user on the same Mac are silently skipped. A backup that skips your email without telling you is worse than no backup.
In macup, the onboarding flow walks you to System Settings > Privacy & Security > Full Disk Access and detects the moment the toggle flips on. We show you the list of protected locations we can now read, and we refuse to mark a backup set “complete” until FDA is granted or you explicitly choose to exclude those paths.