Unauthorized Cross-App Resource Access on Mac OS X and iOS

<i>On modern operating systems, applications under the same user are separated from each other, for the purpose of protecting them against malware and compromised programs.</i><p><i>Fundamentally, these problems are caused by the lack of app-to-app and app-to-OS authentications.</i><p>I see the security argument side of things, but I think that overall this trend of compartmentalising everything is detrimental to the open interactions between apps that made computers so versatile and useful. Put another way, by building increasingly closed and restrictive systems, and requiring strict authorisations and procedures for all interactions between their components, we&#x27;ve significantly marginalised the ad-hoc, unpremediated sharing aspect of computing --- one which I think is also extremely important.<p>It&#x27;s certainly not a good thing to have data you want private leaked out, but neither is it to be unable to freely share between apps what you <i>do</i> want without going through some horribly byzantine process involving only the app developers and not the user. Something to think about, whenever someone proposes isolating everything for the sake of security...

I just read the PDF and the only issue for iOS is the scheme duplication, though that has been known for a while and it&#x27;s up to developers not to pass secure data through it. All the others are OS X only. The keychain is safe on iOS, though when synced through to OS X, it becomes a problem.

<i>&quot;...the inter-app interaction services, including the keychain, WebSocket and NSConnection on OS~X and URL Scheme on the MAC OS and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote.</i>&quot;<p>If it&#x27;s that good an exploit, it&#x27;s probably already being exploited.

What the hell?