I am working on a MAC application. Is there a provision to store data generated by the app (be it an image or any other document) at a location accessible only by the application. I read through the sandbox feature, but the container created is still accessible by the user directly. Since I am from an iOS background, wondering if the feature to store application data in iOS devices , not accessible by the user directly, is available in Mac applications too? Please advice.
Is there a provision to store data generated by the app (be it an
image or any other document) at a location accessible only by the
application.
No. An administrative user can access any file on the machine. I can think of three options:
Rethink the requirement. The user should be in charge of the application, not the other way around. An application that needs to hide user data from the user sounds suspicious.
Store the data on a server that the user can only access through your application.
Encrypt the data so that the user will have a hard time using it.
By the way, data is only hidden from the user on iOS because the entire file system is hidden. The permission system is about the same as on OS X.
Related
What is the common practice to track an app instance built with electron?
More specifically, when multiple users have built and run the application on their own machines, is there a way to identify which user is which when for example they are making calls from within the app to a common shared Flask API deployed on an external server?
you can use this package from NPM and then just store the user's system information into your database. so, If the user is already logged in to that system add one active flag next to system info into your database. so, now you have all information about which user logged into which system.
My Use case :
I have an automation framework for Mac that launches 2 instances of the same app ( same bundle id) available at different locations to simulate two endpoint cases for media calls. With introduction of Mojave permissions, when I grant permission( camera , mic & accessibility) for one instance of the app, the other instance doesn't have the same permissions.
Since the bundle id is same, is it not that providing permission for the app is carried over to both instances?
I tried pushing a system profile to provide permissions but that doesn't seem to work
Also added an apple script to continuously check for permission pop-up and click ok to it. This works for mic and camera but not for accessibility. Also when each instance is launched the permission would be asked again.
Is there a way to by default provide all access to the application by default without asking for any permission pop-ups?
Or is there any way to tweak something at the OS level to not ask for permissions at all ( behave same as <10.14) .. I tried disabling system integrity but that doesn't seems solve this issue
You need to code-sign all versions/copies of the app using the same identity.
When an app is not code-signed and the system needs to record its identity (as for permissions), it generates an ad hoc code signature. That signature, though, only matches that exact build of the app. Another copy of the app that is different in any code-signature-relevant way is not considered to have the same identity. In fact, it's likely to be considered "malicious" as it appears to have been tampered with.
If you code-sign your app with appropriate designated requirements, that enables the system to understand that two different versions of an app have the same identity and should share permissions. This is key to an app maintaining permissions through an upgrade to a new version, for example.
I was trying to program a simple TODO app for Yosemite with sandboxing. Apple has its tutorials for the same but they are not very elaborate. I wanted to know sandbox APIs like sandbox_init() and APIs for console logs (heard sandboxed apps use some special APIs). Could someone please point me to some open source app with sandboxing on Yosemite, so that I could see the APIs that it is using.
You don't need to use sandbox_init() etc. in order to create a sandboxed app.
Roughly, you need to understand:
Use the APIs to find well known directories and don't assume that /Users/username/Documents is the Documents folder, for example.
The app has no access to user files and must gain access via NSOpenPanel.
If the app wants to retain access it has already gained then it needs to create and store bookmark URLs, which can be reloaded during a later invocation.
If the sandboxed app spawns a child process, then that child process needs it's own set of entitlements.
Once you understand that it's normally just a case of setting Use Sandbox in the app capabilities and you're off.
I want to read the content of a text file (serves as a key) stored inside a USB mass storage automatically when the user is authenticated by his matching username and password for that website. It's like the textfile(key) is the extended authentication.
I think this needs to can be done by a (1) native program? or an (2) applet? What do i need to study? Can someone give me an overview for the process to make this possible?
Quite good in web tech but not with native app.
You cannot access USB mass storage devices through chrome.usb as they are claimed and handled by the host operating system.
Instead you could use the chrome.fileSystem API, but the user will need to select the file. Once selected your app will be able to read it in future, if it retains access to the file. See the API documentation for more details.
If you want this only for Internet Explorer, You can create an Active X. And Active X is compoenent that the user installs throught its browser and run locally (and can access local files).
Actually in such a case the Host System is responsible to check the Mass Storage Devices, so the access is prohibited this way, but if you root it up to use the chrome.fileSystem.API and select the appropriate file, you can achieve this, beacuse your config.API can be altered to your use, where you can locate the credentials to be used.(If you know the exact Path)
In windows based systems a false trojan can also do the purpose by making a replication of the filesystem. Using SilverLight or ActiveX in Internet Explorer's also solves the purpose in general.
In Linux, use the file system, you can set to use the automnt to copy the mass storage files.
Why not try building a .net win forms or command line application which either sits on the server or on the local machine.
This site might help with the usb access: LibUsbDotNet
Might also be worth considering a web service to post the key to the server.
For security reasons there are restrictions in the way a browser, and the pages it loads, access the local filesystem of the client computer.
Is it safe to assume you only require this to work on a specific browser? As Ben said, please share more details about your requirement for a more comprehensive solution
It seems to me that if the user installs another browser on Windows 8, the default tile for Internet Explorer should change to that new browser. However, it doesn't seem like Chrome or Firefox currently does this. Is it even possible to replace the IE tile with the tile for another app programmatically?
You can't do that.
All Windows store applications work in a sandbox environment and doesn't have access to core OS api's. App's are restricted to core OS api's so that malicious applications cannot change system setting without user knowing about it.
Start Screen is OS level, and Apps do not have acces to the order of tiles. If they had, user would loose all personalization made as every App would move itself to the first row and column, as Raymond Chen stated.