mihon icon indicating copy to clipboard operation
mihon copied to clipboard

Published 20 hours ago verified publisher icon mihonapp

Remove requirements to individually trust extensions since it no longer meets intended purpose

Open Jaykoerner opened this issue 1 year ago • 3 comments

Given that extensions are android apk files and have inherit risk regardless of trust status since the operating system could just natively execute malicious code on its own and there is no longer going to be any 1st party repo support the purposes of protecting users are no longer met by the trust system.

Fulfilling #99 would be the better short term solution from a usability perspective.(along with a similar warning when updating a extension, possibly with the ability to disable this second confirmation at user discretion in settings)

This would also inherently fix #66

Alternatively if a trust system is wanted a long term solution would be to develop a new extension format that is not also a native executable so the trust system has meaning or to have the app scan the download file to make sure it's not natively launchable and that the only malicious actions that can be taken can only happen in mihon(or at least unzip and scan to make sure the app structure matches the intended structure of an extension without extra files present).

Other details

No response

Acknowledgements

  • [X] I have searched the existing issues and this is a new ticket, NOT a duplicate or related to another open or closed issue.
  • [X] I have written a short but informative title.
  • [X] If this is an issue with an official extension, I should be opening an issue in the extensions repository.
  • [X] I have updated the app to version 0.16.1.
  • [X] I will fill out all of the requested information in this form.

Jaykoerner avatar Jan 17 '24 21:01 Jaykoerner

Instead of individually trust each extension, there should be an option to trust entire source itself. No need to trust with each update/install from same source...

confident-hate avatar Jan 21 '24 15:01 confident-hate

Instead of individually trust each extension, there should be an option to trust entire source itself. No need to trust with each update/install from same source...

That is issue #99 and why I tagged it, there are a variety of ways to do this with differing levels of security, usability and other pros and cons. I simply think the way it is now does not have much benefit.

Jaykoerner avatar Jan 22 '24 03:01 Jaykoerner

Much easier solution would be to disallow any extensions with permissions outside of the needed ones. All interactions happen via the main app anyway.

CodeSpoof avatar Jan 22 '24 12:01 CodeSpoof

Removing it also would cure several problems I've been finding. This is on 0.16.3

I find that updating the software removes all trusts again. Even if you've installed it once.

Hitting the trust button doesn't necessarily tell it to trust. it takes either time or something I don't know. I'm finding I'm having to hit the trust button multiple times and it's not doing anything.

Biggest problem is even if I have downloaded something if I don't trust it I can't read it. So it makes it really hard to get into your existing catalog

Wyld-One avatar Jan 26 '24 10:01 Wyld-One

You could make it similar to XPosed Modules, where every module is turned off by default unless it is installed from within the manager. With this it'd be possible to not have to trust every extension from a repo, but extensions installed manually are disabled until the user decides otherwise and the user is given a notice about new externally installed extensions.

CodeSpoof avatar Jan 26 '24 10:01 CodeSpoof

#320

AntsyLich avatar Feb 01 '24 21:02 AntsyLich