Hacker News: dweinstein's comments

https://github.com/dweinstein/canary

I made this tool for macOS systems that helps detect when a package accesses something it shouldn't. It's a tiny Go binary (less than 2k LOC) with no dependencies that will mount a WebDAV filesystem (no root) or NFS (root required) with fake secrets and send you a notification when anything accesses it. Very stupid simple. I've always really liked the canary/honeypot approach and this at least may give some folks a chance to detect (similar to LittleSnitch) when something strange is going on!

Next time the attack may not have an obvious performance issue!
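An added sketch of the idea in the comment above, not code from the canary repository: a dependency-free Go handler that serves decoy secrets and records an alert whenever one is stat'ed (PROPFIND) or read (GET). The decoy paths, type names and listen address are assumptions made for illustration, and this HTTP-level sketch omits the directory listing a mountable WebDAV share needs.

```go
package main

import (
	"fmt"
	"net/http"
	"sync"
)

// Constructed decoys: fake paths and contents, no real credentials.
var decoys = map[string]string{
	"/.aws/credentials": "[default]\naws_access_key_id = DECOY-NOT-REAL\n",
	"/.ssh/id_ed25519":  "DECOY KEY MATERIAL, NOT REAL\n",
}

type Alert struct{ Method, Path, Agent string } // one request that touched a decoy

// Canary records an Alert for every request that names a decoy.
type Canary struct {
	mu     sync.Mutex
	alerts []Alert
}

func (c *Canary) Alerts() []Alert { // copy of everything recorded so far
	c.mu.Lock()
	defer c.mu.Unlock()
	return append([]Alert(nil), c.alerts...)
}

func (c *Canary) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	body, hit := decoys[r.URL.Path]
	if !hit {
		http.NotFound(w, r)
		return
	}
	c.mu.Lock()
	c.alerts = append(c.alerts, Alert{r.Method, r.URL.Path, r.UserAgent()})
	c.mu.Unlock()
	// Stand-in for a desktop notification; %q keeps client-supplied bytes printable.
	fmt.Printf("ALERT %s %q agent=%q\n", r.Method, r.URL.Path, r.UserAgent())
	switch r.Method {
	case "PROPFIND": // a stat() on a WebDAV mount arrives as PROPFIND
		w.WriteHeader(http.StatusMultiStatus)
		fmt.Fprintf(w, `<D:multistatus xmlns:D="DAV:"><D:response><D:href>%s</D:href></D:response></D:multistatus>`, r.URL.Path)
	case http.MethodGet, http.MethodHead: // an actual read of the decoy
		fmt.Fprint(w, body)
	default:
		w.WriteHeader(http.StatusMethodNotAllowed)
	}
}

func main() { fmt.Println(http.ListenAndServe("127.0.0.1:8080", &Canary{})) }
```

Recording the method separates metadata probes from content reads, which matters when deciding how loudly to alert.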


Thank you for sharing this!

I always wanted to mess with building virtual filesystems but was unwilling to venture outside the standard library (i.e. libfuse) for reasons wonderfully illustrated in this thread and elsewhere. Somehow the idea of implementing a networked fs protocol and leaving system integration to the system never crossed my mind.

I'm glad more people are taking this stance. Large centralized standard libraries and minimal audited dependencies are really the only way to achieve some semblance of security. There is simply no other viable approach.

Edit: What's the license for this project?


Hi, glad you like it and that it encourages you to try some things you've always wanted to do :-)

I was thinking for the license I'd do GPLv3. Would that work for you?


Depends on what you want to achieve with your licensing, but I personally think GPLv3 is a really good fit for a project like yours.


This is clever, and also interesting in that it could help stop the steal as it happens (though of course not perfect).

Thanks for your feedback!

That's a really good point and could be an interesting thing to play with as an extension. Since we potentially know which process is doing the "read" we could ask the user if it's ok to kill it. Obviously the big issue is that we don't know how much has already been shipped off the system at that point, but at least we have some alert to make some tough decisions.


Apple announced at the Worldwide Developers Conference (WWDC) 2023 in June new initiatives to increase transparency about mobile app privacy. All mobile app developers will be required to submit a privacy manifest that details data collection practices and usages when they add or update an iOS app in App Store Connect, the platform used for publishing and tracking performance in the App Store.

Apple will offer a grace period for developers to become familiar with the forthcoming privacy requirements.

Beginning in fall 2023, Apple will email developers via when an app uses a privacy-impacting SDK without providing a privacy manifest or taps a required reason API without specifying a valid explanation in the privacy manifest. Starting in spring 2024, the privacy manifest will become mandatory and Apple will begin enforcing that requirement as part of the app review process.

