Everyone knows all the apps on your phone

(peabee.substack.com)

1192 points gniting | 1 comments | 29 Mar 25 21:26 UTC | HN request time: 0s | source

Show context

cheschire ◴[29 Mar 25 23:43 UTC] No.43519772[source]▶

Can windows apps (not installed from the MS store) enumerate through the window titles of all open windows? How hard would it be for an app to monitor all of your web traffic based on the title alone?

Legit question. ChatGPT isn't super helpful here since it agrees with everything when I'm really looking for someone to say why this isn't really feasible in the real world.

replies(8): >>43519783 #>>43519798 #>>43519847 #>>43519871 #>>43520382 #>>43520475 #>>43521311 #>>43521404 #

gruez ◴[29 Mar 25 23:45 UTC] No.43519783[source]▶

>>43519772 #

Most windows apps aren't sandboxed, so them being able to grab window titles is the least of your worries. Any program can steal your login sessions and passwords if they wanted to.

https://xkcd.com/1200/

replies(1): >>43519795 #

facile3232 ◴[29 Mar 25 23:47 UTC] No.43519795[source]▶

>>43519783 #

Are you essentially discussing like a keylogger? I can't imagine windows intentionally keeps the plaintext password anywhere longer than it needs to be.

replies(5): >>43519816 #>>43520114 #>>43520858 #>>43522437 #>>43523306 #

1. 9dev ◴[30 Mar 25 08:28 UTC] No.43522437{3}[source]▶

>>43519795 #

That, but consider also how an application running with your user privileges has full access to the filesystem with those privileges, so it can read your entire home directory, for example. That includes your browser profile with all cookies, and all credentials that applications store there unencrypted. Not to mention how that allows for all the fingerprinting even the most nefarious marketer could wish for.

Oh, and the UAC confirmations to elevate your apps permissions to root? People will gleefully confirm them without reading what needs access anyway, so you’re golden to do whatever you want.

The security model of Windows doesn’t exist.

↑