# compose-desktop
p
Hey folks, I've tried searching for this on here (and online) but haven't found a good answer. We are making an app for all desktop targets; however, the client wants to have sandboxing in a similar fashion to how Android and iOS keep apps' data separate from each other, and hidden from the final user. One way I thought of is to use the credential APIs from Microsoft, download a key from the server, and then create an encrypted folder on the user's machine. However, I was wondering if there's a better way to do this. I know that the App Store on macOS has some level of sandboxing, but the app is not gonna be distributed publicly and we need to support other platforms. Does anyone know how we could approach something like this? Thank you in advance 🙏
m
There are only platform-specific solutions to that. Also, what do you mean by "hidden from the final user"? Some sort of DRM? That is a very different requirement. On macOS you can enable sandboxing quite easily. It will stop other apps from accessing the data files of your app, but not the user, who can always elevate to admin. On Windows it can be done also, but it's an advanced technique that hardly anyone knows about or uses, so there's a high implementation difficulty. It requires you to package with MSIX. The tool Hydraulic Conveyor can package and ship your app as MSIX, so that's very easy, but it's a commercial tool (disclosure: made by my company). Making protected directories requires some low-level Win32 API calls and, again, the protection can be overridden by the user by elevating to admin.
Making this easier is something I've thought about adding to Conveyor in the past. It's unclear how much demand there is.
Most developers don't care if other apps can read their data files.
BTW, macOS sandboxing is independent of the App Store. App Store requires you turn it on, but you can use it with non-store apps also.
p
Oh, thanks for the info. I'm guessing Linux is out of the question. Yeah, having admin is a bit of a curveball. I was researching SecurityManager to limit folder access, but the same sudo issue comes to mind. Plus, it's been deprecated 😅
m
Stopping the user from accessing data on their own device is the DRM problem. It can be done, but it's very hard and most solutions are video-specific. It very much depends on how advanced your users are and how easy they will find it to undo.
You should try to clarify the requirement with your client to find out why they want this.
Linux, yes, you can sandbox apps (sorta) using FlatPak but that won't give you protected directories.
r
This recent discussion might be relevant for you: https://kotlinlang.slack.com/archives/C01D6HTPATV/p1724171156490629