For some reason I have been thinking a lot about the "desktop security model" lately in comparison to the browser security model.

What stops Spotify, or Chrome, or any other desktop app that I install from reading my .ssh directory? I assume nothing, by default, since it's under the same user. Is there a long history or book about this subject that I don't know of? Is there a way to restrict disk access of an application by directory? Obviously, I understand how things have evolved from the early days of assuming installed software was benign. I'm not complaining, or shaming, or whatever, that developers didn't think of the threat model for desktop apps back then as we might if the concept of desktop apps came out today.

I am mostly just wondering if this problem has already been discussed and if there is a canonical approach to it. To give you a sense of why I think this is interesting, compare Google search results for "desktop app security model" to "browser security model". The latter is formally (or "officially") defined.
Most operating systems these days show you a "Do you want to open/give access to this app to make changes on your computer?" prompt or popup. We then click "yes" while rolling our eyes for the inconvenience. The end. :)
I don't have much of an idea about Windows or OSX. Regarding Desktop Linux, I think I wouldn't be far off if I said it has no desktop security model. The permission system on *nixes (and Linux by inheritance) was formulated in the context of it being a multi-user system with multiple people logging in via a terminal. Your data had to be protected from access by unauthorized users. I don't know if the security aspects of running untrusted or unverified programs were even considered, which are significantly more important in the current context.

I think Flatpak is trying to improve Linux application security but still has a really long way to go compared to the likes of Android and iOS.
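The original question asks whether anything stops a same-user desktop app from reading ~/.ssh and whether access can be restricted per directory; the last reply points at Flatpak. The following added example (not code from this thread or from any of the projects mentioned) demonstrates both points on Linux: it runs a throwaway "app" as a child process against a constructed stand-in for ~/.ssh, first unsandboxed (the child reads the key, because same-UID access is all the classic Unix model checks) and then inside a bubblewrap (`bwrap`) sandbox that masks that one directory with an empty tmpfs. bwrap is the sandboxing tool Flatpak uses underneath; the example assumes it is installed and that user namespaces are enabled, and reports `None` instead of a verdict when the sandbox cannot start. The key file and its contents are constructed sample data, not a real key.

```python
"""Probe whether a child process can read a secret directory, with and
without a bubblewrap (bwrap) sandbox that masks that directory."""
import os
import shutil
import subprocess
import sys
import tempfile

# Child program standing in for the "desktop app": it only tries to read the key file.
CHILD = (
    "import sys\n"
    "try:\n"
    "    open(sys.argv[1]).read()\n"
    "    print('READ')\n"
    "except OSError:\n"
    "    print('DENIED')\n"
)


def make_fake_ssh_dir() -> str:
    """Create a constructed stand-in for ~/.ssh holding a dummy key file (not a real key)."""
    d = tempfile.mkdtemp(prefix="fake_ssh_")
    with open(os.path.join(d, "id_ed25519"), "w") as fh:
        fh.write("NOT A REAL KEY - constructed sample data\n")
    os.chmod(d, 0o700)  # same mode sshd expects; irrelevant to a same-UID reader
    return d


def sandbox_prefix(masked_dir: str) -> list:
    """bwrap arguments that give the child the whole filesystem read-only but
    mount an empty tmpfs over masked_dir, so its contents are invisible."""
    return [
        "bwrap",
        "--ro-bind", "/", "/",
        "--dev", "/dev",
        "--proc", "/proc",
        "--tmpfs", masked_dir,
        "--unshare-all",
        "--die-with-parent",
        "--",
    ]


def child_can_read(secret_dir: str, sandbox: bool):
    """Return True if the child read the key, False if it was denied, or None if
    the sandbox itself could not start (bwrap missing or namespaces disabled)."""
    key = os.path.join(secret_dir, "id_ed25519")
    cmd = [sys.executable, "-c", CHILD, key]
    if sandbox:
        if shutil.which("bwrap") is None:
            return None
        cmd = sandbox_prefix(secret_dir) + cmd
    proc = subprocess.run(cmd, capture_output=True, text=True)
    out = proc.stdout.strip()
    if out == "READ":
        return True
    if out == "DENIED":
        return False
    return None  # bwrap failed before the child ran


if __name__ == "__main__":
    fake = make_fake_ssh_dir()
    print("unsandboxed child can read key:", child_can_read(fake, sandbox=False))
    print("sandboxed child can read key:  ", child_can_read(fake, sandbox=True))
```

The unsandboxed run answers the question as asked: the child shares the user's UID, so the 0700 mode on the directory does nothing against it. The sandboxed run shows that per-directory restriction is available today on Linux, but only as an opt-in wrapper around the process (mount namespaces), not as a property the OS enforces on every installed app. Masking with `--tmpfs` hides the directory while leaving the rest of the filesystem readable; a tighter policy would drop `--ro-bind / /` and bind only what the app needs.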