

Unauthorized Cross-App Resource Access on Mac OS X and iOS - obstbraende
http://arxiv.org/abs/1505.06836

======
userbinator
_On modern operating systems, applications under the same user are separated
from each other, for the purpose of protecting them against malware and
compromised programs._

_Fundamentally, these problems are caused by the lack of app-to-app and
app-to-OS authentications._

I see the security argument side of things, but I think that overall this
trend of compartmentalising everything is detrimental to the open interactions
between apps that made computers so versatile and useful. Put another way, by
building increasingly closed and restrictive systems, and requiring strict
authorisations and procedures for all interactions between their components,
we've significantly marginalised the ad-hoc, unpremeditated sharing aspect of
computing --- one which I think is also extremely important.

It's certainly not a good thing to have data you want private leaked out, but
neither is it to be unable to freely share between apps what you _do_ want
without going through some horribly byzantine process involving only the app
developers and not the user. Something to think about, whenever someone
proposes isolating everything for the sake of security...

~~~
mikeash
I think compartmentalization is good, but the fundamental question is one of
who is in control.

I completely agree that interaction between apps is fundamental. It acts as a
multiplier, such that the whole is much more than the sum of its parts. Poor
facilities for inter-app interaction are why iOS is such a toy compared to
other OSes. It's great for browsing the web and reading your e-mail and such,
but it sucks for a lot of serious tasks because your stuff can't move easily.

But I don't think that interaction should necessarily be a free for all
either. Ideally, it would all be gated and put under my control. Then I can
ensure that things I want to do get done, and malware can't touch my stuff.

The trouble with Apple's approach isn't compartmentalization itself, but
rather that Apple has decided that users are too stupid to make their own
decisions, and so it is Apple who gets to decide which interactions are
allowed.

~~~
jobu
> ...Apple has decided that users are too stupid to make their own
> decisions...

Sadly this is true for many, if not most users:
[http://arstechnica.com/security/2008/09/study-confirms-users...](http://arstechnica.com/security/2008/09/study-confirms-users-are-idiots/)

It's a few years old, but it seems unlikely that things have changed much
since it was done:

_"Some researchers have tested how college students respond to fake dialog
boxes in browser popup windows and found that the students are so anxious to
get the dialog out of the way, they click right through obvious warning
signs"_

~~~
mikeash
You're right. A lot of users simply can't be trusted to make good decisions.

There _has_ to be a way to protect those users without shutting down power
users, though. I don't know what it is, but Apple's approach of giving power
users a big middle finger is not good.

------
akmarinov
I just read the PDF and the only issue for iOS is the scheme duplication,
though that has been known for a while and it's up to developers not to pass
secure data through it. All the others are OS X only. The keychain is safe on
iOS, though when synced through to OS X, it becomes a problem.

------
Animats
_"...the inter-app interaction services, including the keychain, WebSocket and
NSConnection on OS X and URL Scheme on the MAC OS and iOS, can all be
exploited by the malware to steal such confidential information as the
passwords for iCloud, email and bank, and the secret token of Evernote."_

If it's that good an exploit, it's probably already being exploited.

------
d0mme
What the hell?

