Windows 10 Bug – UWP Apps have Full Access to File System

Windows Articles

Learn how to control the volume of Windows using the mouse wheel.

Hi! Windows recently celebrated its 35th anniversary. Therefore, it is one of the longest lasting and most used systems currently. On the other hand,...

Install Nim programming language on Ubuntu 20.04 / Debian 10

Nowadays, almost everything is done with the help of a computer and a program. And the programs are made through a programming language. That...

Configure Samba File share Services with Ubuntu 20.04 LTS

Here, Today! let's discuss samba file share service with Ubuntu 20.04 LTS. If you need to share files between Linux and MS Windows...

Install Matomo on Ubuntu 20.04

Hello, friends. In this post, you will learn how to install Matomo on Ubuntu 20.04. It's quite useful to measure the traffic to our...

How to change DNS in Windows 10

Hi! Today we will talk a bit about networks. In fact, we will touch on a topic related to connectivity. Specifically we will see...

Windows 10 introduced the brand new way of enjoying apps by introducing the UWP apps – Universal Windows Platform apps. These apps would run on any Windows device without performing any modification in the code.

There’s been a new bug discovered in the way Windows implements UWP apps. Using this bug, the UWP apps have access to the entire file system in Windows, without asking the permission of the user! This action would allow any malicious app to store any data without the consent of the user.

How UWP apps access the file system

By default, the UWP apps have access to “<user_profile>/AppData/Local”, “<user_profile>/AppData/Roaming” and the “Temp” folder. If the app requires access to any file that’s outside of these locations, the developer can declare extra permission for the app.

The extra permission declaration(s) is declared in the app’s package manifest file. Using the declaration, the app can access other folders like “Documents”, “Pictures”, “Music” etc. folders. Here’s an example of the declaration of an extra permission to the folder “Pictures”.

<Capabilities>
  <uap:Capability Name="videosLibrary"/>
</Capabilities>

At the description of the app, Microsoft Store shows the extra permissions.

Here’s a screenshot of the “AppxManifest” file of the “Sticky Notes” declaring the “broadFileSystemAccess” permission.

According to the official documentation, “broadFileSystemAccess” allows access to all the files that user can access, for example, “Documents”, “Downloads”, “Desktop” etc. The official document also notes that on the first use, the system would prompt the user for allowing the access. If a dev submits an app in the Store with the declaration, there has to be a detailed description of why the permission is necessary.

This means, when you use such app that uses this permission, you’ll be asked about whether allowing the permission.

Controlling the permissions

There’s still a way that you can manage what permissions your app gets. Go to Settings >> Privacy >> File System.

You can disable the option so that no app can access your file system. There are other options for “Documents”, “Pictures” and “Videos” as well.

Above all, make sure that the app you’re installing is from a trustworthy source so that you don’t have to face any security issue in the upcoming future.

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Learn how to control the volume of Windows using the mouse wheel.

Hi! Windows recently celebrated its 35th anniversary. Therefore, it is one of the longest lasting and most used systems currently. On the other hand,...

Install Nim programming language on Ubuntu 20.04 / Debian 10

Nowadays, almost everything is done with the help of a computer and a program. And the programs are made through a programming language. That...

Configure Samba File share Services with Ubuntu 20.04 LTS

Here, Today! let's discuss samba file share service with Ubuntu 20.04 LTS. If you need to share files between Linux and MS Windows...

Install Matomo on Ubuntu 20.04

Hello, friends. In this post, you will learn how to install Matomo on Ubuntu 20.04. It's quite useful to measure the traffic to our...

How to change DNS in Windows 10

Hi! Today we will talk a bit about networks. In fact, we will touch on a topic related to connectivity. Specifically we will see...
x