
Proposal: [UWP] Provide a user-friendly UX to request access permissions to specific file locations

Open Felix-Dev opened this issue 4 years ago • 13 comments


Summary

Allow UWP apps to request specific file/folder access by displaying a user-consent dialog (system prompt) instead of having to display a File/FolderPicker UI or require the restricted BFSA capability.

@benstevens48 has described this in their long post (Scenarios 5-8) in issue #8 and to my understanding this is also listed as a 'Could' in the issue scope. I believe this particular file-system access pain point of the UWP sandbox implementation deserves its own proposal instead of being just one of many suggestions put together in a massive thread. It is also not related to the core idea of issue #8, which seems to focus more on the actual UWP File APIs themselves (see 'Must' vs 'Should' vs 'Could' scope), and as such should be treated as its own actionable issue.

Rationale

Currently, if my UWP app needs access to specific files or folders of the user, I can either use the BFSA system capability or display a File/FolderPicker UI. Both cases come with severe drawbacks for the scenario where an app wants to access a select few file system locations already known in advance.

  • BFSA: Asking for access to all the files and folders of a user when in reality only a handful of file system locations need to be accessed will be seriously disliked by potential users, up to a point where a user might outright stop using the app.
  • File/FolderPicker UI: Using the *Picker UI, I can ask for selective file system access. However, I can a) not ask for access to multiple distinctly-located folders all at once and b) the user will have to navigate to the actual file/folder location. There are ways to aid the user in navigating to a location without having to manually walk the entire folder tree; however, this only mitigates the bad UX. And if my app needs access to distinctly located files & folders, I will have to show multiple *Picker UIs (one UI for each location) if I want to create an app experience which values user privacy greatly and only obtains access to the minimum required file system locations for it to work.

To improve the process for UWP apps to get access to select file/folder locations, I thus suggest using the well-known user-consent dialog. For example, if the app tries to access a folder it currently does not have access to, the system will show the user-consent dialog asking the user if they want to give the app access to this folder. If the user consents, the app from now on will have access (until the user revokes their consent or the app is uninstalled). If the user denies the request, it won't (and the app could ask again if needed). Visually, this could look like this:

[image] (In this case, the app asks for access to the folder where Windows Spotlight Images are saved by Windows.)

In the example image above, access is only requested to a single folder, yet we can easily imagine apps asking for access to multiple distinctly located files/folders. It should be possible for apps to also request access to specific files/folders in "bulk", in other words, the user-consent dialog will display a list of file system locations the app wants to access.

Scope

| Capability | Priority |
| --- | --- |
| Allow UWP apps to request access to specific file system locations in a user-friendly way. | Must |
| Allow UWP apps to request access to multiple specific file system locations in a single UI. | Must |

Open Questions

Assuming the user granted an app access to a specific file location: How can the user revoke this permission (without having to uninstall the app)? The Windows Settings app will presumably be the relevant system component to manage these permissions. The Windows 10 Security app could be useful to look at for inspiration: See "Controlled Folder Access" and "Exclusions" in the category "Virus & threat protection".

There is also the concept of granting access "just for this session". What this would mean here is that after closing the app, granted file system access "just for this session" will be removed for the app. In other words, when the app is launched the next time, it will have to ask for access permission to those file system locations in question again. Is there added user (security) value by providing such an option where the user won't have to actively remove access to a specific file system location for the app?

Additional Context

Original WinUI issue by me here. View this proposal here as the most up-to-date one.

Felix-Dev avatar May 22 '20 17:05 Felix-Dev
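For readers comparing the proposal against what the platform offers today, here is the current least-privilege workaround the post describes: one FolderPicker per location, with the grant persisted through StorageApplicationPermissions.FutureAccessList so the user is not prompted again on the next launch. This is an added example and not code from the issue author or the Windows App SDK; the token name `SpotlightFolder` and the PicturesLibrary start location are my own choices, and the APIs used (FolderPicker, FutureAccessList) are the existing public Windows.Storage APIs.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Storage;
using Windows.Storage.AccessCache;
using Windows.Storage.Pickers;

public static class FolderAccess
{
    // Token under which the granted folder is remembered across launches (name chosen for this example).
    private const string SpotlightToken = "SpotlightFolder";

    // Returns the folder the user granted earlier, or asks once via the FolderPicker.
    // Each distinct location still needs its own picker round-trip; there is no bulk prompt.
    public static async Task<StorageFolder> GetOrRequestFolderAsync()
    {
        var futureAccess = StorageApplicationPermissions.FutureAccessList;

        if (futureAccess.ContainsItem(SpotlightToken))
        {
            // Access was granted in a previous session; no picker needed.
            return await futureAccess.GetFolderAsync(SpotlightToken);
        }

        var picker = new FolderPicker
        {
            // Start location is an assumption for this example; the user still navigates manually.
            SuggestedStartLocation = PickerLocationId.PicturesLibrary
        };
        // FolderPicker requires at least one filter entry, otherwise PickSingleFolderAsync throws.
        picker.FileTypeFilter.Add("*");

        StorageFolder folder = await picker.PickSingleFolderAsync();
        if (folder == null)
        {
            // User cancelled: the app has no access to this location and must degrade gracefully.
            return null;
        }

        // Persist the grant so the app does not prompt again next launch (until Forget() is called).
        futureAccess.AddOrReplace(SpotlightToken, folder);
        return folder;
    }

    // App-side revocation, e.g. behind a "forget this folder" setting, since the user
    // has no system UI to withdraw a picker-based grant.
    public static void Forget()
    {
        var futureAccess = StorageApplicationPermissions.FutureAccessList;
        if (futureAccess.ContainsItem(SpotlightToken))
        {
            futureAccess.Remove(SpotlightToken);
        }
    }
}
```

The example makes the two gaps in the proposal concrete: the grant is only as fine-grained as the user's navigation inside the picker, and revocation exists only if the app itself exposes it, which is exactly the "how can the user revoke this permission" open question above.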