Windows 10 Bug – UWP Apps have Full Access to File System

Windows Articles

How to install Lighttpd on Ubuntu 20.04?

There are many web services in Unix but we always look for the one that best suits our needs. In this case,...

How to install Docker on Ubuntu 20.04 / Debian 10?

Docker is a fairly popular technology in today's sysadmin. It is logical to think because it means a complete change in the way images...

How to install Mantis Bug Tracker on Ubuntu 20.04?

Hi, folks. In this post, I will help you to install Mantis Bug Tracker on Ubuntu 20.04 If you...

How to install WordPress with Nginx on Ubuntu 20.04?

Hi, folks. In this post, we will help you install Wordpress with Nginx on Ubuntu 20.04. It's a lot easier than you...

Electron 9.0 available

News has arrived that many developers are going to love. And that is that Electron this great cross-platform application framework has released...

Windows 10 introduced the brand new way of enjoying apps by introducing the UWP apps – Universal Windows Platform apps. These apps would run on any Windows device without performing any modification in the code.

There’s been a new bug discovered in the way Windows implements UWP apps. Using this bug, the UWP apps have access to the entire file system in Windows, without asking the permission of the user! This action would allow any malicious app to store any data without the consent of the user.

How UWP apps access the file system

By default, the UWP apps have access to “<user_profile>/AppData/Local”, “<user_profile>/AppData/Roaming” and the “Temp” folder. If the app requires access to any file that’s outside of these locations, the developer can declare extra permission for the app.

The extra permission declaration(s) is declared in the app’s package manifest file. Using the declaration, the app can access other folders like “Documents”, “Pictures”, “Music” etc. folders. Here’s an example of the declaration of an extra permission to the folder “Pictures”.

<Capabilities>
  <uap:Capability Name="videosLibrary"/>
</Capabilities>

At the description of the app, Microsoft Store shows the extra permissions.

Here’s a screenshot of the “AppxManifest” file of the “Sticky Notes” declaring the “broadFileSystemAccess” permission.

According to the official documentation, “broadFileSystemAccess” allows access to all the files that user can access, for example, “Documents”, “Downloads”, “Desktop” etc. The official document also notes that on the first use, the system would prompt the user for allowing the access. If a dev submits an app in the Store with the declaration, there has to be a detailed description of why the permission is necessary.

This means, when you use such app that uses this permission, you’ll be asked about whether allowing the permission.

Controlling the permissions

There’s still a way that you can manage what permissions your app gets. Go to Settings >> Privacy >> File System.

You can disable the option so that no app can access your file system. There are other options for “Documents”, “Pictures” and “Videos” as well.

Above all, make sure that the app you’re installing is from a trustworthy source so that you don’t have to face any security issue in the upcoming future.

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

How to install Lighttpd on Ubuntu 20.04?

There are many web services in Unix but we always look for the one that best suits our needs. In this case,...

How to install Docker on Ubuntu 20.04 / Debian 10?

Docker is a fairly popular technology in today's sysadmin. It is logical to think because it means a complete change in the way images...

How to install Mantis Bug Tracker on Ubuntu 20.04?

Hi, folks. In this post, I will help you to install Mantis Bug Tracker on Ubuntu 20.04 If you...

How to install WordPress with Nginx on Ubuntu 20.04?

Hi, folks. In this post, we will help you install Wordpress with Nginx on Ubuntu 20.04. It's a lot easier than you...

Electron 9.0 available

News has arrived that many developers are going to love. And that is that Electron this great cross-platform application framework has released...