Forum Discussion
Regarding Windows 10 file system access and privacy
1) Yes
2) The "filepicker-dialog" is a special dialog to present to a user to select a file or folder. The difference in UWP apps is that this dialog gets only called by the app, but not implemented by it. The dialog itself, that you get as a user, actually comes from the operating system itself. So it allows access inside the dialog to every location which you yourself have access to. The operating system ensures this way that a user can select any file or folder, even ones the app does not have access to, and hand it over to the app.
If you select a file in such a dialog, you actually didn't talk to the app, instead you told Windows that you want this file to be opened in the app. Windows itself then gets a handle to this file and just passes this to the app, without giving the app itself any access to the location of the file. The app now can access the files metadata and use read/write permissions on the contents of the file, but nothing more. This is the most secure way to give an app access to any file on the system without the app needing any permission for it. But it means of course that you, as a user, have to select the file manually each time. The app can't access anything by itself without you handing it over each time.
3) For UWP apps: exactly where you already looked. In the privacy section of your Windows 10 settings. If an app is not there, it has no access (except to it's own program and data folder of course).
For win32-apps, you have to assume it has access to everything. Or you would have to learn about access control lists, ntfs permissions, object permissions, mandatory access control and more. You would need a lot of additional knowledge to exactly tell what a normal win32 app can and can't access. The general rule for win32-apps is that they can access at least everything you can. So if you can read it, so can the win32 program, if you can write or delete it, so can the program, and so on.
win32 apps are not sandboxed so they have all the same permissions as the user who launches the program. The problem is that they can even have more permissions than yourself, if implemented in certein ways. Remember that win32-apps normally come with an installer program that needs administrative permissions to execute. So for the time of the installation, the program has every permission possible on your system. you can hardly know what it really did in that time. If you don't trust a program, don't install it, easy as that.
This is one of the many upsides of UWP. Here you have clear visibility what it can and can't do and it doesn't get any extra permissions for installation. Afterwards it always runs in a special sandboxed mode so Windows can ensure your data privacy and security.
4) If you remove an UWP-app the app is removed completely, including all permissions you gave it. So the list shows you the current state of the system, not the history. If you give an app file-system-access it will show in the corresponding list, if you uninstall the app afterwards, it disappears from the list. removing an UWP app ist a complete removal as if the app was never there in the first place. The only things that may be left behind are user-specific data files in some cases but even those are removed in most cases.
dretzer
Thank you for your long reply
It was really explanatory and understandable
3)
Here I was thinking not only about UWP, but about overall software. PC games installed through the Steam client, anti-malware software etc. I have given alot of software access to my drive through time. Was wondering, where I could locate / see that list?
More questions:
In File system and Allow apps to access your file system
The function is ON, and it was ON by default.
Does that mean, that apps get granted access automatically, or do they still have to ask for permission?
OFF, does that auto-block permissions?
Yes, this is the key point: Are UWP-capable apps more "safe"? And how would one know this while using Windows? I recently downloaded an app from the MS Store and was presented with the file access setting and had never seen it before, so I was very suspicious...why was just this one app asking for file access and why is it the only app in that list? So I began searching the net for info. Once again, searching for help with Windows rather than using it to be productive.
Even the MS https://support.microsoft.com/en-gb/windows/-windows-file-system-access-and-privacy-a7d90b20-b252-0e7b-6a29-a3a688e5c7be says:
"Not all apps will appear in the list where you can choose which apps can access your file system. Certain Windows programs, such as those that are downloaded from the internet or installed with some type of media (such as a CD, DVD, or USB storage device) won’t appear in that list and are not affected by the setting that lets apps access your file system."
Well duh, every program is downloaded / installed. So no help there, either.
My conclusion from reading through this thread: it seems there is the "old" technology that can essentially do whatever it likes with files and "new" tech (UWP) that allows / disallows file system access. And maybe -- just maybe -- apps from the MS Store use UWP but other sources not so much. But I'm still not 100% confident about all this. These are just my best guesses.
Enough with "how-to" information! "How-to" is often easy once you know the impact of your actions and understand--in this case--why the list of programs allowed access might be empty.
My graduate degree is Comp Sci, but I don't have time for this crap. And I feel sorry for those dealing with all the nonsense from MS without a tech background
End of rant.
- Could anyone please help me with the last question?
Thanks in advance
If it is only UWP software, that can ask for file system access, and that that UWP is also accessible through the Microsoft store - is it then safe to assume, that UWP's are safe? (That they don't steal / upload my personal files) Ysera_Dreamer
Could anyone please help me with the last question?
Thanks in advanceIf it is only UWP software, that can ask for file system access, and that that UWP is also accessible through the Microsoft store - is it then safe to assume, that UWP's are safe? (That they don't steal / upload my personal files)
- If it is only UWP software, that can ask for file system access, and that that UWP is also accessible through the Microsoft store - is it then safe to assume, that UWP's are safe? (That they don't steal / upload my personal files)
The Steam games I have installed, is also accessible in the Microsoft Store, so I assume they are safe then.
I only have one user on my system, and it is the admin. I am cautious about what software I download, I always update my system and often scan for malware etc. The main switch for the setting enables the functionality. So setting this to OFF disables it entirely.
Having this setting ON just means that Windows will support the functionality, but apps still need to ask for this permission on a per-app basis. If you turn it OFF an app can't even ask for it as the basic functionality to even get file-system-access is disabled.
Regarding your games on Steam: as they are not using UWP it's the steam-clients responsibility to make sure your system is safe. Sadly history showed that Valve is very bad at this. There are sad storys with how they treated security researches in the past regarding bugs in the steam-client.
If security is your concern, I recommend looking for your games on the microsoft store before you buy them on steam. Only get games on steam if the game is not available on the Microsoft Store.
Also make sure your Windows account does not have administrative permissions but instead use a standard user account to use steam and steam games. Remember that non-UWP software always has the same permissions as you (and UAC for admin-accounts is not a security boundary).
