question

KoenVanDurme-2144 asked KoenVanDurme-2144 commented

Are there security implications when enabling the "privateNetworkClientServer" capability for a UWP app?

My understanding of the "privateNetworkClientServer" capability is that it allows a UWP app to access a VPN or the local network.

Since the documentation around this is a bit sparse, I'm also wondering if there are any other security implications that we need to take into account when enabling this capability.

windows-uwp

@KoenVanDurme-2144 Do you have any updates about your question? Does my reply make sense?

0 Votes 0 ·

No further questions at the moment.

If there are no security concerns to take into account we are going to enable that capability and publish an updated version of the app on the Store.

0 Votes 0 ·

If you don't have more questions, you could accept my reply as answer so that other people who have the same issue could see it.

0 Votes 0 ·
RoyLi-MSFT answered

Hello,

Welcome to Microsoft Q&A!

As the document describes, this capability provides inbound and outbound access to home and work networks through the firewall. This capability is typically used for games that communicate across the local area network (LAN), and for apps that share data across a variety of local devices. If your app specifies musicLibrary, picturesLibrary, or videosLibrary, you don't need to use this capability to access the corresponding library in a Home Group. On Windows, this capability does not provide access to the Internet.

This is a general-use capability that applies to the most common app scenarios. There should be no security implications if you use the capability normally.


Thank you.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
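
To check which network capabilities a package declares and which of them allow inbound connections, the following added example (not part of the original thread and not Microsoft's code) parses an app manifest and reports the reach of each one. The sample manifest is constructed and the function names are assumptions for illustration; the entries for internetClient and internetClientServer come from the Windows capability documentation rather than from this thread.

```python
import xml.etree.ElementTree as ET

# Reach of each network capability as described in the Windows app
# capability documentation: (network scope, accepts inbound connections).
NETWORK_CAPABILITIES = {
    "internetClient": ("internet/public", False),
    "internetClientServer": ("internet/public", True),
    "privateNetworkClientServer": ("home/work", True),
}

# Constructed sample manifest, not taken from any real package.
SAMPLE_MANIFEST = """<Package
  xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10"
  xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10">
  <Capabilities>
    <Capability Name="internetClient" />
    <Capability Name="privateNetworkClientServer" />
    <uap:Capability Name="picturesLibrary" />
  </Capabilities>
</Package>"""


def network_capabilities(manifest_xml):
    """Return the network capabilities declared in an app manifest."""
    root = ET.fromstring(manifest_xml)
    found = []
    for element in root.iter():
        # Compare on the local tag name so any manifest namespace matches.
        local_name = element.tag.rsplit("}", 1)[-1]
        name = element.get("Name")
        if local_name == "Capability" and name in NETWORK_CAPABILITIES:
            scope, inbound = NETWORK_CAPABILITIES[name]
            found.append({"name": name, "scope": scope, "inbound": inbound})
    return found


def inbound_capabilities(manifest_xml):
    """Names of declared capabilities that let the app accept connections."""
    return [c["name"] for c in network_capabilities(manifest_xml) if c["inbound"]]


if __name__ == "__main__":
    for cap in network_capabilities(SAMPLE_MANIFEST):
        direction = "inbound+outbound" if cap["inbound"] else "outbound only"
        print(f'{cap["name"]}: {cap["scope"]} networks, {direction}')
```

A capability listed by `inbound_capabilities` means the app is permitted to accept connections on that network type, so any listener code in the app is the part to review.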



KoenVanDurme-2144 answered KoenVanDurme-2144 commented

Sorry for coming back to this @RoyLi-MSFT but do you still have some extra context around the security implications of enabling this capability?

Since you mentioned

> There should be no security implications if you use the capability normally.

We are a bit confused about the "normally" part and still wondering what the extra risks are for end users when we would enable this capability?

This is not yet completely clear from your answer.
Hoping you can provide some more info.

Thanks!



> do you still have some extra context around the security implications of enabling this capability?

No, I don't have any extra content for this.

> We are a bit confused about the "normally" part and still wondering what the extra risks are for end users when we would enable this capability?

First of all, UWP apps run in the sandbox, so they have many limitations when accessing the file system or network. For example, the local loopback is disabled for UWP apps by default. So UWP apps are safer compared with traditional desktop apps. Second, the capability just gives UWP apps permissions for inbound and outbound access to home and work networks through the firewall. The capability itself can't make the app do something.

I don't know what extra risks you mean. If you mean network attacks, I think that should be a firewall issue, not an application issue.

0 Votes 0 ·

Ok. Thanks for confirming @RoyLi-MSFT .

Much appreciated.

0 Votes 0 ·