Windows 10 Bug Let UWP Apps Access All Files Without Permission

Credit: MicrosoftCredit: MicrosoftMany developers want access to as much data as possible. This is part of the reason why so many apps request permission to access seemingly everything one could have on their device (with the other part being developers' need to sell ads). But what happens when the apps don't ask permission? According to .NET developer Sébastien Lachance, this is what happened with versions of Windows 10 released prior to the yet-to-be-relaunched Windows 10 October 2018 Update.

The developer noticed that his enterprise app stopped working after Microsoft released version 1809 of Windows 10. It turns out that's because the app required access to specific folders, and this was the first version of Windows 10 that didn't grant that access by default.

Universal Windows Platform (UWP) apps are supposed to be restricted to specific folders. They can request access to other folders, though, if they need to do so to function. This alone isn't a problem. Everything from iOS and Google Chrome to macOS and Android lets apps ask for greater permissions. Yet, a problem with the broadFileSystemAccess API that governed this process meant people weren't actually prompted by the apps.

Instead, the API simply gave developers access to all local files without letting the affected Windows 10 user know. Lachance said a list of apps with access to these files can be found by going to Settings > Privacy > File system, but most people are unlikely to go digging through their settings when their information is supposed to be secure by default. The Windows 10 October 2018 Update is said to have addressed that problem.

This breaks apps that relied on this API, like the one that prompted Lachance to investigate this issue, but it defends the privacy of many Windows 10 users whose information may have been up for grabs without their knowledge or consent. After the many problems the Windows 10 October 2018 Update has suffered—mainly revolving around two file system bugs—it's heartening to see that it contains some improvements as well.

But this is still more evidence that companies have struggled to manage distribution platforms that are supposed to keep people safe. From the bad apps in the Mac App Store and Google Play Store, to these problems with the broadFileSystemAccess API affecting UWP apps distributed via the Microsoft Store, it's clear that many platforms are not as trustworthy as they're supposed to be.

Create a new thread in the News comments forum about this subject
5 comments
Comment from the forums
    Your comment
  • John Nemesh
    Good thing I am not stupid enough to run any UWP apps on my PC then!
  • Nolonar
    Quote:
    Good thing I am not stupid enough to run any UWP apps on my PC then!

    And what alternative is there? Win32 apps? They've had access to the entire filesystem since forever.
  • pincher.lala.2014
    good job microsoft,,,,