back to article Apple's defense against apps vandalizing other apps still broken, developer claims

Apple last year introduced a security feature called App Management that's designed to prevent one application from modifying another without authorization under macOS Ventura – but a developer claims it’s not very good at its job under some circumstances. "If an app is modified by something that isn't signed by the same …

  1. Mishak Silver badge

    Not sure I get it

    A text editor being used to edit a text file is a vulnerability? I use Sublime Text, and it will allow me to edit any file, prompting for authentication if I don't have write permissions.

    What I don't like is the way Skype for Business (I have a client who can only use that for web meetings!) changed the settings in FaceTime so that any calls I tried to make (including when handing off to my iPhone) were routed to Skype - and I wasn't asked by the installer if I wanted to make Skype the default.

    I agree that API changes to another apps settings and the direct manipulation of another app's files should not be allowed without use approval, so I guess that's what this is really about?

    1. Pascal Monett Silver badge

      Re: Not sure I get it

      Good question. There are plenty of Windows applications that can make major changes to system-wide settings. Is that supposed to be considered a bug ?

      When I double-click on a PDF and the system asks me if I want to define a given program as default for opening PDF files, I do not consider that a bug. I've been asked, therefor I give or refuse my authorization and I find that that works.

      But if I have a application that automatically overrides my existing settings because their developers know best, that is the kind of thing that will make me nuke their application and never go back to it.

      Now, the real question is : Skype for Business, that still exists ? Hasn't that been folded into Teams ?

      1. Neil Barnes Silver badge

        Re: Not sure I get it

        a application that automatically overrides my existing settings

        Ah, that would be the company that replaces my default browser with Edge, then? Because obviously MS knows best.

        1. Anonymous Coward
          Anonymous Coward

          Re: Not sure I get it

          Personally, this sounds like the work of the company that associates every conceivable file type with VS Code such that it’s easier to uninstall the entire thing than try than try and manually reassign the defaults.

      2. big_D Silver badge

        Re: Not sure I get it

        The PDF example is a system wide operating system setting, it isn't changing the PDF reader or its settings, it is using a central OS API function to define which application the OS calls, when opening a PDF file.

        This is one application changing specific settings in another application, or the application's code. Only the program itself should be able to change its setting.

        For example, you don't want a rogue web browser add-in changing the configuration of the AV software to whitelist the downloads folder, so that any files downloaded are no longer checked for malware, the security mechanism should stop this, but it seems, if it uses a go-between (E.g. a sandboxed app, like TextEdit) to do the work for it (automation), it can bypass this security feature.. This is what the feature in macOS is supposed to stop, but it seems that it is not doing its job properly.

        SfB still exists. There is still SfB onsite. SfB in Microsoft 365 has, AFAIK been deprecated and users moved to Teams.

        1. Alumoi Silver badge

          Re: Not sure I get it

          Only the program itself should be able to change its setting.

          WTF? So now we can't modify .ini/.cfg files in npp or via the command line because nanny knows best?

          1. big_D Silver badge

            Re: Not sure I get it

            No, you can do that. But other programs shouldn't be able to that without your permission.

            If you try and edit the config file yourself, you should get a warning, but can continue.

            If another program tries to edit the settings, or replace part of the program, it is blocked and you are warned, if you started that other program, you can let it continue, but until you give it permission, it should be blocked.

            This is the part that is broken, if that other program uses a sandboxed program, like TextEdit to do the dirty work for it (automation), you don't get warned. If you try and edit the config file yourself with TextEdit, you won't get a warning.

            1. Anonymous Coward
              Anonymous Coward

              This is a design choice

              Sandboxed apps can also bypass mandatory access controls protecting Documents and Desktop if the file opened using a file open dialog, which is powered by an XPC service. Thus, automation can naturally be used to cause a sandboxed app to open any file the sandbox wouldn’t explicitly prevent it from opening. However, automation access is not easy to come by, as you need to execute a script via terminal or have access via an app which already has automation access. In the case of the terminal, it’s worth noting that the mandatory access controls treat it as a monolith and cannot differentiate between commands executed inside of it, so a command like ls within the shell will get the same kind of access as any other command line binary you execute, allowing attackers to run roughshod over power users.

              For Apple to properly protect against the described issue, they would need to start going down the Type Enforcement route that SELinux uses, instead of taking the targeted approach they’re currently using. and that is fundamentally difficult for normal users to get to grips with, even if they do implement helpful choices as/when events occur.

    2. Phones Sheridan Silver badge

      Re: Not sure I get it

      The way I understand it, a malicious program is downloaded from the internet. This program wants to make changes to config files on your desktop, but it can't because the App Management software correctly intervenes. Instead the malicious program calls up a sandboxed app and that app makes the changes instead, without the App Management noticing. End result is modified files caused by a malicious program.

      Now how much naughty stuff can be got up to once your internet downloaded program successfully makes config changes is a discussion for much more learned Mac OS users.

    3. big_D Silver badge

      Re: Not sure I get it

      This is the editing of the configuration file that belongs inside the application packet. This should be blocked by the OS and letting the user decide whether to continue.

      The nearest equivalent on Windows would be a user trying to change a configuration file in the application folder or Windows folder, Windows will ask them to enter the administrator username and password, before they can save any changes (assuming they are following best practices and aren't logged in with an administration account). This is a bit more thorough, or rather is supposed to be more thorough, even logged in as an admin, an application shouldn't be able to change another application or its settings, without the OS informing the user of the fact and letting them decide, whether to proceed or not.

      This would, for example, stop malware from changing the settings in the web browser to stop it checking for malware, or changing the AV software to whitelist a certain app or directory, for example, or overwriting an application with an infected version. Using automation and existing sandboxed apps, the malware can seemingly get around this restriction.

  2. Anonymous Coward
    Anonymous Coward

    Can someone ELI5 this for me, I'm a bit confused.

    Do apps on MacOS get installed in user space or something?

    On Linux an app cannot mess with another app unless I run it as root or something or unless I have installed the app in a user level context (e.g. a SNAP).

    This all sounds like a filesystem level thing to me.

    1. Spazturtle Silver badge

      "Do apps on MacOS get installed in user space or something"

      Apps are just uncompressed zips that to install you just drag and drop into your Apps folder.

      From what I can tell Apple's security stops apps from directly changing other apps without user input, but it doesn't stop the file picker from selecting other apps files, so you can open TextEdit and open the settings file for another app, make changes and then save them.

    2. Dan 55 Silver badge

      Apps are directories with files inside which follow a structure. They may be in user space or they may be in /Applications.

      If the app folder is dragged to /Applications without an installer as most are, the owner is still the user (failure 1) and some of the files inside may be changed because Gatekeeper doesn't check everything on every run.

      Also, apps create their files in ~/Library. The structure more defined than AppData in Windows but apps can still create files with almost any name they want (failure 2). Apple have been trying to retrofit jails for each app but a lot of stuff belonging to other apps can still be messed around with.

  3. ChoHag Silver badge
    Thumb Down

    He should have responsibly allowed Apple to continue to fuck their users with shoddy software nobody knows or can complain about and which there is not an incentive to fix.

  4. ecofeco Silver badge

    Well this is awkward

    Apple is tight arsed about just getting an app in their store and yet this is still a problem?

    I'm not buying. Apple is full of it.

  5. null 1

    File Permissions?

    Shouldn’t this be addressed with proper file permissions?

    1. gnasher729 Silver badge

      Re: File Permissions?

      "Shouldn’t this be addressed with proper file permissions?"

      That shouldn't be necessary; there is supposed to be a global permission "an app cannot modify other apps", with some exceptions, like any two Microsoft apps could do things to each other that a Microsoft and an Adobe app wouldn't be allowed to do. The problem is that TextEdit does exactly what it is supposed to do, it edits text files, including configuration files. If you are the user of the app and want to edit its configuration, that is exactly what you would do.

      On iOS there is much stronger protection. That's why x% of users love iOS and 100-x percent hate it. The first say "wonderful, it's a walled garden, exactly what I want" and the others say "godawful, it's a walled garden, I can't do what I want. "

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like