Forum Discussion
Regarding Windows 10 file system access and privacy
HotCakeX
Thank you for your reply!
I have never installed any software using CD, USB or another drive, so that excludes that.
A: according to the description of file system in Windows settings:
It states: Documents, Pictures, Videos and OneDrive files
1) Does it refer to the standard / generic Windows folders?
2) The same folders as in the menus for Privacy - Documents and Pictures and Videos?
3) So the File system access function, only covers the Documents, Pictures, Videos and OneDrive folders?
My uncertainty sprung from other articles / forums using other phrases like:
"apps can access your full file system"
"permission to have broad file system access"
Q: Where can I see, which apps previously have been granted access to my file system?
A: in Windows Settings => Privacy => File system
4) Apps that have requested permission (both declined and granted), do they appear in the list Choose which apps can access your file system?
Thanks in advance
The filesystem access permission you refer to is broad access to the filesystem. It includes every folder the user has access to. This permission should never be needed or used by any normal app, so it is good that this list is empty.
Every UWP has certain default permissions for file system access which do not need to be granted separately:
- The application's install directory
- The application's data location
- Removable drives if it uses the AutoPlay extension
- Files and folders in the user's "Downloads" directory, but only those which the app created itself
For an app to gain access to additional locations it has different options. For example it can gain access to well-known user folders (Pictures, Music, Videos, Documents...) with special permissions it has to be granted first. Each of the well-known folders has its own access mechanics for UWP apps and none are granted by default.
The second option (and most used normally if an app needs access to additional files on your system) is using the filepicker-dialog. This dialog is not part of the app and is presented by Windows to the user. The user then selects the file (or folder) that he wants to open in the app. The app now only gets a handle to the file or folder selected by the user, it does not gain access to the actual location.
The last option is the permission you asked for. This would grant an app broad filesystem access, meaning it can access everything the user can access, and without asking first! No normal app should ever need this permission and you should be very careful if you want to give this permission to any app at all.
If the list is empty, no currently installed App on your system uses this permission (as it should be).
As already mentioned by HotCakeX: All this only applies to UWP Apps (apps from the Microsoft Store) and not to old-school win32-applications. If you install anything on your system not from the Microsoft Store, you can't easily know what it can access. It can be nothing or all and everything in between.
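An added example, not part of the thread and not Microsoft's code: a UWP app declares the folder permissions discussed above as capabilities in its AppxManifest.xml, so a manifest can be checked for the well-known library capabilities and for `broadFileSystemAccess`. The package names and manifest contents below are constructed samples.

```python
import xml.etree.ElementTree as ET

# Capability names as declared in UWP package manifests.
LIBRARY_CAPS = {"picturesLibrary", "videosLibrary", "musicLibrary", "documentsLibrary"}
BROAD_CAP = "broadFileSystemAccess"

# Namespace declarations used by Windows 10 package manifests.
NS = ('xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" '
      'xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" '
      'xmlns:rescap="http://schemas.microsoft.com/appx/manifest/'
      'foundation/windows10/restrictedcapabilities"')

# Constructed sample manifests (hypothetical packages, trimmed to the relevant part).
SAMPLES = {
    # Uses only the file picker, so it declares no file capability at all.
    "Contoso.Converter": f"<Package {NS}><Capabilities/></Package>",
    "Contoso.PhotoViewer": f"<Package {NS}><Capabilities>"
                           '<uap:Capability Name="picturesLibrary"/>'
                           "</Capabilities></Package>",
    "Contoso.FileManager": f"<Package {NS}><Capabilities>"
                           '<rescap:Capability Name="broadFileSystemAccess"/>'
                           "</Capabilities></Package>",
}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def file_access_report(manifest_xml):
    """Classify the file-access capabilities declared in one manifest."""
    declared = set()
    for el in ET.fromstring(manifest_xml).iter():
        # Matches <Capability>, <uap:Capability> and <rescap:Capability> alike.
        if local(el.tag) == "Capability" and el.get("Name"):
            declared.add(el.get("Name"))
    return {
        "libraries": sorted(declared & LIBRARY_CAPS),
        "broad_access": BROAD_CAP in declared,
    }

def flag_broad_access(manifests):
    """Names of packages whose manifest requests broad file system access."""
    return sorted(name for name, xml in manifests.items()
                  if file_access_report(xml)["broad_access"])

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, file_access_report(xml))
    print("Review these packages:", flag_broad_access(SAMPLES))
```

On an installed system, each package's manifest is the AppxManifest.xml file in its install directory.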
- HotCakeX, Dec 07, 2020, MVP
"This would grant an app broad filesystem access, meaning it can access everything the user can access, and without asking first!"
What's the source for that?
the description this
Broad file system access, everything a user can access: I, as the user, can access every single file on my computer, on any drive, hidden or not. I don't think that privacy option, once turned on, gives the same capability to UWP apps. But if it does, I'd like to read the source for that.
- dretzer, Dec 07, 2020, Iron Contributor
The official documentation for file access permissions for UWP apps:
https://docs.microsoft.com/en-us/windows/uwp/files/file-access-permissions
Also experience from developing UWP apps helps. 😉
Never trust the simplified descriptions from end-user GUIs.
The full file system access permissions should never be used for any UWP app. The only reason it exists at all is that some special applications that wanted to port to UWP couldn't, because there was no way to get the same filesystem access as a normal win32-app. So Microsoft added this permission in later Windows 10 builds, to lower another barrier for porting older apps to UWP.
Every normal app should never need this though. It is completely enough to just use the filepicker dialog or ask for permission to access pictures or music. In rare cases eventually even documents, but most of the time, none of this is needed for UWP.
I wrote a media-file-converter in UWP and as such the user needs to be able to open any video or audio file on his computer inside my app. Still I didn't need any file system access at all because I just used a filepicker dialog which the user can use to select the file he wants to convert. My app does not need any access to the file itself. The filepicker dialog (which is handled by Windows itself) hands me over the file and I don't even need to know where it came from.
UWP security is very top-notch and any app that asks for this "file system level permission" is very suspicious! I can't imagine a single valid scenario for any app to need this permission at the moment. I'm sure there are special cases, but none that I can think of.
- Ysera_Dreamer, Dec 09, 2020, Brass Contributor
dretzer
Thank you so much for your enlightening replies
I have some questions regarding your inputs:
"For example it can gain access to well-known user folders (Pictures, Music, Videos, Documents...) with special permissions"
1) The permissions in Privacy - Documents and Pictures and Videos?
2) What is a filepicker dialog?
That you just open the file through the UWP?
(As Hotcake pointed out before, I'm not tech savvy)
"If you install anything on your system not from the Microsoft Store, you can't easily know what it can access"
3) Where can I see, which software I have given access through time? And to what locations / directories?
You point out several times, that no apps should need or be given File system access.
4) Does the list include apps that have been granted access earlier in time?
And also if the apps were deleted from the PC?
Thanks in advance for your further replies