She had three Zoom calls, but the app accessed screen and system audio 630 times

Published: 26 February 2026
Last updated: 3 March 2026
Eyes on the computer screen closely watching the user, concept of surveillance
Image by Cybernews.

Zoom may be accessing your screen and system audio even when you’re not actively using the platform. Should you be worried about it?

Entrepreneur Yuliia Habriiel was notified that Zoom accessed her screen and system audio 630 times in the last 30 days, despite her having only two to three calls on this video conferencing platform.

Habriiel, who is the CEO of eyreACT, an AI regulatory compliance platform, says it is the “combination of scope and silence” that she finds concerning.

ADVERTISEMENT

“Zoom was accessing screen content outside of any active screen-sharing session, and the notification came from my operating system, not from Zoom itself. That means if I hadn’t had those system-level permissions visible, I would never have known,” Habriel tells Cybernews.

Installing Zoom on macOS requires granting permissions for the camera, microphone, and screen and system audio recordings to ensure it works properly during video and audio calls.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Eglė Kristopaityte
Don't miss our latest stories on Google News
Google News Follow us

Habriel says Zoom isn’t “uniquely malicious,” as software quietly expands access permissions and buries it in Terms of Service (ToS) updates, relying on the fact that the majority of users won't notice.

Daniel Ferecatu, macOS Developer at Heimdal, says the notification Habriiel received is unlikely to be an error, as macOS 13 and later versions now display an informational notification to increase transparency around sensitive permissions.

Zoom’s spokesperson tells Cybernews that access to a user’s screen or audio occurs only when the user intentionally activates a feature that requires it, such as screen sharing or audio participation.

“This is consistent with how video conferencing and collaboration platforms operate generally – providers do not access screen or audio content unless a user chooses to activate those capabilities,” according to the company’s written response.

ADVERTISEMENT

Zoom states that Apple Transparency, Consent, and Control access logs entries are generated continuously only while Zoom is actively in use.

Therefore, the high number of alerts for this Mac user does not indicate Zoom accessing items outside meetings. The alert count increases during meetings, sometimes more than once per second, depending on the features in use.

Why is Zoom accessing screen and system audio?

Adam Pilton, cybersecurity advisor at Heimdal, says accessing users’ screens and system audio without their knowledge would raise serious privacy and security concerns.

In this case, Zoom could capture confidential emails, commercially sensitive material, workplace discussions, and HR-related conversations.

When Pilton conducts vulnerability scanning across organizations, the Zoom app is often flagged. However, not because it is “inherently malicious,” but because it is either outdated or because legacy user profiles remain on devices.

“Unpatched software creates exploitable weaknesses. If you combine a vulnerable application with one that has legitimate access to screen sharing and audio functionality, that could present an attractive opportunity for a cybercriminal,” Pilton tells Cybernews.

While repeated access to these systems when Zoom is not actively in use raises privacy concerns, there may be legitimate technical reasons for it, according to Aristide Bouix, a managing director at Code & Capital.

zoom malware
Image by Cybernews

For example, the access may be needed for background processes, update checks, or maintaining session readiness.

ADVERTISEMENT

Like most modern enterprise software, Bouix explains, Zoom likely retains the technical capability to receive remote instructions for updates or configuration management, which is standard practice.

Bouix tells Cybernews, “The risk would emerge only if there were a vulnerability, infrastructure compromise, or excessive permissions relative to functional need.”

For instance, Malwarebytes, a cybersecurity firm, has recently discovered that hackers can trick Windows users into joining fake Zoom meetings and downloading fake updates that silently install workforce analytics software.

This allows hackers to log every keystroke, take screenshots, record web browsing and app usage history, capture clipboard contents, and track email and file activity.

How do I prevent Zoom from accessing my screen?

Habriiel says she now immediately closes Zoom after a meeting and removes it from the Dock on Mac, which sometimes requires force quitting.

In addition, she moved sensitive calls to alternative platforms and reviewed permissions for all applications on her devices, emphasizing that everyone should do it periodically.

However, surveys show that the majority of Americans rarely read ToS or data privacy policies before agreeing to them, risking granting excessive permissions and violating their privacy.

Bouix tells Cybernews that basic controls help reduce exposure and recommends taking the following steps:

  • Review and limit permissions in macOS System Settings → Privacy & Security menu
  • Disable auto-launch at startup
  • Fully quit the app when not in use
  • Keep both Zoom and the OS updated
ADVERTISEMENT

“Ultimately, transparency is key. If users receive frequent background access notifications, the vendor should clearly explain what process is triggering them and why,” Bouix says.

Ferecatu notes that macOS continuously provides visual indicators when sensitive components are in use. For example, an orange indicator appears when the microphone or camera is active.

“This allows users to assess whether the usage is expected, for example, during a meeting, or unexpected, such as when the application should not be active,” he explains.

Data privacy concerns are now geopolitical

For users like Habriiel, the prospect of Zoom accessing her data when not in active use is also a geopolitical concern.

“This is a US-headquartered company quietly collecting screen-level data from millions of European users – government officials, corporate boards, healthcare professionals, lawyers in privileged conversations,” she says.

Amid an increasingly strained relationship with the US under the Donald Trump administration, European countries are actively seeking local alternatives to US tech.

France has recently announced plans to ban its public officials from using Zoom and Microsoft Teams, and to replace them with its own video conferencing platform, Visio.

The French government cited concerns about data security and strategic dependencies.

ADVERTISEMENT

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked