Untrusted by default is a feature. No user would be able to protect themselves, unless perhaps they are a highly trained security expert always on alert, which is not a thing.
This is not the exciting early days of the interwebz where script kiddies run amok and it’s mostly for the geeks anymore, it’s where government-affiliated gangs are launching ransomware attacks on critical infrastructure in order to finance nuclear programs. Accessing arbitrary resources on your local machine is how that happens.
Web apps, given a modern browser, naturally have stricter sandboxing, but native apps are treated as untrusted on any modern OS, too. If I launch anything new, the dialog will have me confirm before it accesses anything other than its isolated app data directory.
I don't run a single native application across five operating systems that requires a popup nag to access the clipboard or that is unable to put any data other than text, HTML and PNG on the clipboard.
Every mobile OS from Apple would show a popup if an app tried to access the clipboard without your explicit pasting. Obviously, if you tapped “paste” then the popup would be unnecessary since you would be approving your own action, not the app’s action.
It is somewhat crazy that macOS doesn’t do that yet.
But the comment I replied to was talking in general terms. Yes, for some APIs native apps are for now more trusted than Web apps, depending on the OS, but the trend is that they are becoming less and less trusted.
Nope, native applications are not ever going to get the ridiculous level of sandboxing demonstrated by the restrictions on accessing the clipboard in the article. Nor are they ever going to be prevented from accessing the file system as web applications are.