←back to thread

Everyone knows all the apps on your phone

(peabee.substack.com)
1192 points gniting | 4 comments | 29 Mar 25 21:26 UTC | HN request time: 0.694s | source
Show context
cheschire ◴[29 Mar 25 23:43 UTC] No.43519772[source]
Can windows apps (not installed from the MS store) enumerate through the window titles of all open windows? How hard would it be for an app to monitor all of your web traffic based on the title alone?

Legit question. ChatGPT isn't super helpful here since it agrees with everything when I'm really looking for someone to say why this isn't really feasible in the real world.

replies(8): >>43519783 #>>43519798 #>>43519847 #>>43519871 #>>43520382 #>>43520475 #>>43521311 #>>43521404 #
1. ranger_danger ◴[29 Mar 25 23:56 UTC] No.43519847[source]
Not only can most apps see the titles of all other open windows on the system, but they can log all your keystrokes, take screenshots, record audio/video of you or your screen, or copy/delete all the files in your home directory, without any explicit permission or notification.

This is at least true for Windows and most traditional (X11 at least) *nix systems.

That is one thing I think Android got right... by default it runs every application as a different user. That means different home folders and no visibility into other apps.

replies(2): >>43519945 #>>43520312 #
2. esprehn ◴[30 Mar 25 00:17 UTC] No.43519945[source]
Originally Android apps could draw over top of any other app though which is a phishing nightmare. It took them a long time to make that a permission, and then everyone granted it until they finally added the bubbles API recently.

Permissions are difficult to get right, and Android is unfortunately pretty slow to react.

3. Numerlor ◴[30 Mar 25 01:16 UTC] No.43520312[source]
On windows you shouldn't be able to do (most of) these directly with apps running under admin, though that's a small consolation when the browser is a normal process.

I'm not sure if we'll get away from these anytime soon as any out of the box solution will inherently limit the user's freedom that has persistently been there for decades on PCs

replies(1): >>43523941 #
4. ranger_danger ◴[30 Mar 25 13:17 UTC] No.43523941[source]
I have absolutely done all of these things on Windows, even for commercial applications. Programs that keylog (i.e. calls SetWindowsHookEx) sometimes get tagged by antivirus though.