Pearson OnVUE and AI overlays, a technical breakdown

Pearson OnVUE is the online delivery channel for Pearson VUE exams. You schedule a session, and on test day you download a small native application that Pearson calls the secure browser. It launches in a locked-down window, talks to a remote greeter (a human proctor on a webcam), and then hands you over to the test engine for the duration of the exam. The product is used for a large slice of the IT certification world, GMAT Online, several healthcare boards, and a long tail of professional licensure exams.

On macOS the secure browser is a signed application that the greeter walks you through installing. It requests Screen Recording, Camera, and Microphone permissions through the standard TCC prompts. Once running, it asks you to close other apps, takes a 360-degree room scan over your webcam, and only then unlocks the exam content. Everything that happens after that point is happening inside one foreground window with the system permissions Apple grants it, nothing more exotic than that.

Four streams are flowing during a live OnVUE session. The webcam, continuously, to the remote greeter and to Pearson's review queue. The microphone, continuously, with audio analytics for second voices and prompts. The screen, via the system screen-capture APIs the secure browser was granted at launch. And a one-shot process inventory the greeter pulls during check-in to confirm you closed the apps they asked you to close.

The screen capture is the part most candidates misunderstand. OnVUE on macOS uses Apple's CGWindowList family of APIs (and on newer macOS releases, ScreenCaptureKit) to grab the display. Those APIs are the same ones QuickTime, AirPlay, and every legitimate Mac screen recorder use. They are powerful but they are not magic. They show what the window server is willing to render into a shared bitmap, and the window server honors per-window opt-out flags. Anything an app explicitly marks as non-shareable simply does not appear in that bitmap.

Whisply is a menu-bar app. There is no Dock tile, no main window in the traditional sense, and no entry in the standard Cmd+Tab application switcher during an exam. The interface you see is an NSPanel that floats above other content, summoned by Cmd+Return, and dismissed the moment you do not need it. The panel sets its sharingType to NSWindowSharingNone at creation, which is the same flag Apple's own DRM-protected video uses to stay out of screenshots.

The practical effect: when OnVUE's secure browser asks the system for a bitmap of the display, the Whisply panel is omitted from the composited image the OS hands back. The greeter sees your desktop, your secure browser, and whatever else you have on screen. They do not see the Whisply panel because the window server never put it in the frame. This is OS-level behavior, not a hack, not a private API, and not something Whisply needs special permissions to do.

Camera-based detection is its own world. If your webcam sees you looking down and to the left every twenty seconds, a trained reviewer will notice. If your audio picks up the soft thump of a trackpad while you are supposed to be staring straight ahead, that gets flagged too. Whisply does not change your behavior in front of the camera. That part is on you, and the academic-honesty note further down is not optional reading.

There are also things outside the standard capture path that Whisply makes no claims about. A managed device with corporate MDM that ships its own screen-recording payload is a different threat model. A second physical phone propped against your monitor recording your screen is a different threat model. Whisply is designed for the case OnVUE actually defends against on a personal Mac, which is the secure browser's view of the display. Anything beyond that is beyond what an overlay can do and beyond what we will pretend to do.

The first generation of remote proctoring, around 2012, was a human on a webcam and not much else. The second generation added a downloaded agent that watched the process list and screenshotted the desktop on a timer. The third generation, which is where OnVUE and most peers sit now, adds machine-learning models on the webcam stream, environmental audio classifiers, and tighter use of OS-provided capture APIs so they do not have to reinvent screen recording.

The interesting wrinkle is that as the OS-provided APIs got better, the per-window privacy controls Apple ships alongside them got better too. macOS 13 cleaned up ScreenCaptureKit's content-filtering surface. macOS 14 and 15 tightened the TCC prompts and per-window exclusions. Whisply rides those primitives. We are not racing the proctor on capture cleverness; we are using the same window-sharing controls Apple built for FaceTime, AirPlay, and DRM-protected video.

OnVUE is more conservative than LockDown Browser or Examplify in one specific way: it relies more heavily on a live remote greeter and less heavily on aggressive client-side enforcement after the exam begins. There is no kernel extension on macOS. There is no attempt to block keyboard shortcuts at the HID level. The lockdown is mostly behavioral, enforced by the greeter watching you, plus a flagging pipeline that reviews the recording later.

That makes the technical surface area on the Mac side narrower than people often assume. The greeter is the real proctor; the software's job is to give the greeter clean video, clean audio, a clean view of the screen, and a clean list of what was running at launch. Whisply is invisible to the screen view by design, summoned without showing up in the Dock, and idle on disk before the hotkey fires. The greeter remains the part of the system most likely to notice a person doing something obvious on camera, which is a category of risk that no overlay technology will ever change.

Whisply is notarized by Apple, signed with our developer ID, and ships through our own installer. It asks for Screen Recording so it can read what is on your display for context, Microphone so it can hear meetings, and on Pro Undetected it asks for Accessibility so Computer Use mode can act on your behalf. None of those permissions are used to interfere with another running application, and none of them are used to spoof system state.

We deliberately do not inject into other processes, do not patch system frameworks, and do not ship a kernel or system extension. The whole design rests on standard, documented Apple APIs used in their intended way. That is a quieter approach than what some tools take, and it is the reason Whisply keeps working through OS upgrades when more aggressive products break.