
1192 points gniting | 4 comments
cheschire No.43519772
Can Windows apps (not installed from the MS store) enumerate through the window titles of all open windows? How hard would it be for an app to monitor all of your web traffic based on the title alone?

Legit question. ChatGPT isn't super helpful here since it agrees with everything when I'm really looking for someone to say why this isn't really feasible in the real world.

replies(8): >>43519783 #>>43519798 #>>43519847 #>>43519871 #>>43520382 #>>43520475 #>>43521311 #>>43521404 #
1. userbinator No.43521311
Long-time Win32 programmer here - yes. This is by design. To use an analogy, Windows is like a "high-trust society".

There are functions EnumWindows() and EnumChildWindows() specifically for this purpose.

See utilities "Windows Modifier v2.00" (when I first downloaded it there were many pages about it, but it's a sign of how forgetful the Internet has become that I barely get any results about it now even searching for that exact name) and Microsoft's own Spy++ (SPYXX.EXE) for an example of this functionality.

The solution to an app you don't trust is to not use it at all, or use it in a VM.

replies(1): >>43521560 #
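
As an added illustration (not part of the thread and not any commenter's code): a Python self-audit that reads visible top-level window titles through EnumWindows(), the way any process in the same desktop session can, and labels what each title discloses. The browser suffix list, the labels and the sample titles are assumptions constructed for this example.

```python
import ctypes
import re
import sys

# Constructed sample titles, returned when not running on Windows.
SAMPLE_TITLES = [
    "Inbox (3) - alice@example.com - Mail - Mozilla Firefox",
    "Example Bank - Account summary - Google Chrome",
    "Untitled - Notepad",
]
# Illustrative browser suffixes (assumption, not exhaustive); \u2014 covers the long dash.
BROWSER = re.compile(r" [-\u2014] (Mozilla Firefox|Google Chrome)$")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+")

def visible_window_titles():
    """Titles of visible top-level windows, read as any same-session process can."""
    if sys.platform != "win32":
        return list(SAMPLE_TITLES)
    from ctypes import wintypes
    user32 = ctypes.WinDLL("user32")
    enum_proc = ctypes.WINFUNCTYPE(wintypes.BOOL, wintypes.HWND, wintypes.LPARAM)
    user32.EnumWindows.argtypes = [enum_proc, wintypes.LPARAM]
    user32.IsWindowVisible.argtypes = [wintypes.HWND]
    user32.GetWindowTextLengthW.argtypes = [wintypes.HWND]
    user32.GetWindowTextW.argtypes = [wintypes.HWND, wintypes.LPWSTR, ctypes.c_int]
    titles = []

    def on_window(hwnd, _lparam):
        length = user32.GetWindowTextLengthW(hwnd)
        if user32.IsWindowVisible(hwnd) and length > 0:
            buf = ctypes.create_unicode_buffer(length + 1)
            user32.GetWindowTextW(hwnd, buf, length + 1)
            titles.append(buf.value)
        return True  # keep enumerating

    user32.EnumWindows(enum_proc(on_window), 0)
    return titles

def audit(titles):
    """Map each title to the kinds of information it discloses."""
    findings = {}
    for title in titles:
        labels = []
        if BROWSER.search(title):
            labels.append("browser page title")
        if EMAIL.search(title):
            labels.append("email address")
        findings[title] = labels
    return findings

if __name__ == "__main__":
    for title, labels in audit(visible_window_titles()).items():
        print(f"{', '.join(labels) or 'no finding':<35} {title}")
```

Run on your own desktop, this shows what you expose through title bars alone; no elevation or special permission is requested.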
2. phyzix5761 No.43521560
How do you identify apps that you shouldn't trust? Sometimes trust is assumed only until evidence is given that trust shouldn't be given. Which makes no sense to me. Why was the initial trust so easily given?

A solution is to not use third-party apps, but most people aren't going to go that route. The VM idea is a good option though.

replies(1): >>43521964 #
3. pjerem No.43521964
> Why was the initial trust so easily given?

Because this architecture predates the existence of the current privacy nightmare.

In fact it predates the general availability of the internet. How could a program you would install from a floppy/compact disk bought in a store behave maliciously if you didn't have, or barely had, access to the internet?

And then it stayed like this because Windows is heavily marketed as being retro compatible.

replies(1): >>43528259 #
4. userbinator No.43528259{3}
It's also from a time when corporate mass surveillance was universally hated, software was not a service, and "phoning home" or requiring an Internet connection was considered unacceptable to the majority of users.