undefined | Better HN

Skip to content

Top Best Ask Show New Jobs

0 pointsbahoom9y ago0 comments

What exactly is so dangerous? Any app can take screenshots , listen to keyboard entries, send keys, move the mouse pointer and upload stuff to a server without any AXApi permission.

Forbidding window movement doesn't add any security at all.

Anyways, all I want a simple prompt explaining what the Accessibility API does and yes/no buttons.

0 comments

5 comments · 1 top-level

elmigranto9y ago· 4 in thread

One example that comes to my mind, is that you won't be able to copy any data from keychain. In fact, no one can access protected keychain data, if any app that is not in Accessibility "listens to keyboard".

http://apple.stackexchange.com/questions/212622/keychain-won...

bahoomOP9y ago

Well, that's obviously a bug in OSX.

I'm not saying that accessibility enabled apps can't do any harm, of course they can. My point is that they can't do more damage then regular applications you run on your mac.

The only way to run third party apps in a kind of secure environment is sandboxing.

All this accessibility api lockdown stuff from Apple is just pseudo-security.

elmigranto9y ago

> My point is that they can't do more damage then regular applications you run on your mac.

Well, they can autoconfirm Keychain prompts with simulated keyboard events (and access all the keychain data in general), for one. This is something non-accessibility apps can't do after some update.

Keylogger can't steal your password, if it's in keychain, even though it knows your root password. But I guess now it'll add itself into accessibility, so… waiting for Sierra :)

kuon9y ago

Pure speculations: Wouldn't it be possible for an app without accessibility access to just kill and relaunch another app in a wrapper? This wrapper having hooks into system APIs?

elmigranto9y ago

I don't see why not, but what's the point. You either in, and can do X, or not. Can you clarify, please?

j / k navigate · click thread line to collapse