
bengotow | 5 years ago

Wait, so you can just duplicate an app that has more privileges than your app, modify it, and run it to exploit its access?

This is a pretty glaring security issue actually - after reading this, it seems like Apple's choice to track app permissions / security exceptions by the app's bundle ID and not its file path was a pretty big mistake.

I wonder if this is a case of iOS security engineers working on macOS, forgetting that app bundle IDs aren't enforced by a central install flow on the platform?


saagarjha | 5 years ago

File path is wrong, too. What should be checked is the bundle’s code signature.

_qulr | 5 years ago

It does check the code signature. However, it's not a "deep check". The problem with doing a deep check, including all of the app's Resources, is that this can be very resource intensive, depending on the app. It's the reason why Xcode takes forever to "verify" on first launch. If there was a deep code signature check on every TCC check, you would see a lot of very long pauses.