Hello,
Have been wondering for a while how to stop apps from impersonating other apps…
As far as I have read it seems as though an app requests permissions from the SAFE Authenticator by providing its name and perhaps a GUID to identify the app, and the user gets prompted to grant permissions based on that name…
When I run the current version - it doesn’t tell me much information about the requesting app… What is to stop another app from using another app’s name and another app’s GUID and requesting access? The user would see a request for permissions that is misleading, and if they grant it then the rogue app would have access to the other app’s data.
Is this a problem? I guess it’s a problem we have today - any app has access to any other app’s data in Windows… but I thought one of SAFE’s stated goals was to avoid this.
Would it be helpful if the SAFE Authenticator were to display the code-sign certificate of the program when it requests access? That might give people more confidence in the integrity of the publisher etc…
Also I think it’d be useful to be able to see a “Details” section showing the specific containers and access types the program would get access to, instead of a high level container permission. Will the current implementation change?
Also are there any plans to allow the user to permit/deny container permissions on an individual basis? e.g. allow read-access to certain folders but deny write-access to others?