Mountain Lion now protects your contacts (dcurt.is)
60 points by dwynings on March 17, 2012 | 14 comments



Presumably this is only true if the application is trying to access your contacts through the contacts API. The files containing your contacts in the ~/Library/Application Support/AddressBook hierarchy are set to permission 600 by the user - so any application run by that user could theoretically capture those contacts, unless Mountain Lion has put some additional file permissions on them.

I understand how on its mobile iOS, where application installations (and the environment) are theoretically vetted for their "safety" and "privacy", these protections make sense.

On the Desktop, where one needs to be very, very cautious before installing an app - it makes somewhat less sense.

Users need to be aware on a desktop that they should rarely, if ever, install an application that hasn't been thoroughly vetted by a well known and respected publisher. And the presence in the Apple Store is _not_ such a vetting (yet).

I wonder if Apple is going to try and go that direction, and lend some veil of "safety" to Apps in the Apple Store. Not sure how they can without some serious code auditing - OS X is not iOS (despite common underpinnings) and enforcing sandboxes is going to be much more difficult in that environment.
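
Added example (not part of the thread or any commenter's code): a Python sketch of the file-permission point in the comment above. Mode 600 restricts by user ID, not by application, so an audit shows an owner-only file as still readable by any process running as that user. The directory and file names are constructed stand-ins, not the real AddressBook layout.

```python
import os
import stat
import tempfile


def classify(path):
    """Return the permission bits and which DAC classes hold the read bit."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    readers = []
    if mode & stat.S_IRUSR:
        readers.append("owner")
    if mode & stat.S_IRGRP:
        readers.append("group")
    if mode & stat.S_IROTH:
        readers.append("other")
    return mode, readers


def audit_tree(root):
    """Walk root and report, per file, its mode, its reader classes, and
    whether this process (i.e. any program running as this UID) can read it."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            mode, readers = classify(full)
            report[os.path.relpath(full, root)] = {
                "mode": oct(mode),
                "readers": readers,
                "readable_by_this_process": os.access(full, os.R_OK),
            }
    return report


def build_sample_tree():
    """Constructed stand-in for a per-user data directory; no real contact data."""
    root = tempfile.mkdtemp(prefix="dac-demo-")
    private = os.path.join(root, "records.db")    # hypothetical file name
    shared = os.path.join(root, "exported.vcf")   # hypothetical file name
    for path, mode in ((private, 0o600), (shared, 0o644)):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    return root


if __name__ == "__main__":
    for rel, info in sorted(audit_tree(build_sample_tree()).items()):
        print(rel, info)
```

The `records.db` entry reports only `owner` as a reader yet is readable by the auditing process itself, which is the gap a per-application control such as a sandbox or consent prompt is meant to close.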


"...and enforcing sandboxes is going to be much more difficult in that environment."

This is the approach they're taking. The sandbox for applications sold from the Mac App Store will be required from a certain date (which was pushed forward due to concerns, if I remember correctly) and will be quite strict in what it allows access to.

Mountain Lion will include the Gatekeeper, which defaults to allowing applications from the App Store and applications which have been signed by Apple. While signed applications don't get their code checked, their certificates can quickly be revoked if Apple finds any malicious activity. (See: https://secure.wikimedia.org/wikipedia/en/wiki/Gatekeeper_%2... and its references)

The good thing is that they still allow anyone to change the Gatekeeper settings to allow any kind of applications, signed or unsigned. Had that option not existed, I bet we would be seeing a migration from OS X by developers. Most average users will probably keep the default setting, giving them a (in theory) quite risk-free environment.


> and applications which have been signed by Apple

Applications are not signed directly by Apple, but by developers who have received certificates from Apple. Apple signing applications would be a rather broken trust model.


Exactly. As long as Apple isn't heavy-handed with certificate revocations or denying new certs, then it's pretty much business as usual (with added security).

I made the point before, and it parallels the move by Firefox, Chrome and other browsers to heavily warn on non-registered self-signed certs. As an intranet web app maintainer, it was a right pain to deal with the situation. Eventually we set up our CA and it was all good.

It would be nice if we had more than just one signature authority supported by this option.


It was really annoying on the first run. Tons of apps were asking for my permission to access my contacts. (And by tons I mean 6 or 7).


But isn't it entirely the point to be annoying? If there were only the preference pane showing which apps had accessed the data, it would already be too late. This is just like with location information on iOS — you have to ask the user before the app gets their data.


Sure. But on a first run after the upgrade it is too late too. These are all apps that were running earlier in the day. It's beta software and probably won't be released like that.


Which apps were they? Did it make sense that they needed permission to access your contacts?


They did make sense. Cobook, Sparrow, etc.

There was one that surprised me at first. I think it was Xcode.


It probably does it to grab your name for new file templates


Can someone describe how that is implemented? Or rather, what prevents other applications from reading the address book directly (it has to be stored somewhere on the disk after all)? On Linux, I can imagine leveraging SELinux to limit access to files; is there something similar available for OS X?


Maybe the sandboxing being enforced in Mountain Lion prevents apps from directly accessing the file?


Unless you install it from the web, which would be the vector for any malicious application.


I wrote a response to gshephard above (or below, if the posts move around) which I believe is fairly accurate, trying to address this.



