Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[macOS] Dashboard receiving events from different unsandoxed apps. #349

Open
esphynox opened this issue May 15, 2021 · 7 comments
Open

[macOS] Dashboard receiving events from different unsandoxed apps. #349

esphynox opened this issue May 15, 2021 · 7 comments
Labels
bug Something isn't working

Comments

@esphynox
Copy link

esphynox commented May 15, 2021

Expected Behavior

I should receive events only from my application.

Current Behavior

I'm receiving events from other applications using Amplitude iOS SDK on this computer.

Screenshot 2021-05-15 at 21 24 45

I'm not sure, but this might be considered as security issue, since I'm could receive analytics data of other developers?

Possible Solution

Problem

Problem lurking inside function platformDataDirectory of AMPUtils.m file.
Thing is following API call:
[NSSearchPathForDirectoriesInDomains(NSLibraryDirectory, NSUserDomainMask, YES) objectAtIndex:0];
returns different paths when macOS app is sandboxed and not sandboxed.

When app is sandboxed returned value from this function is:
/Users/<username>/Library/Containers/<app_bundle_identifier>/Data/Library
but when app isn't sandboxed returned value is:
/Users/<username>/Library

Which leads to situation that every app is reading and writing to database located by path
/Users/<username>/Library/com.amplitude.database

When user have no internet, events stacking inside database from all unsandboxed applications and then sent to dashboard.

Possible solutions

I'm not exactly sure what's the best solution to implement in your case, but I see two different approaches two fix this issue.

Solution 1 - Separate DB file for each app

You can add bundle identifier of host application to database filename so it won't collide for different apps.
I guess downside to this approach is that you might need to migrate records from old file to new which might be not an easy task.

Solution 2 - Filter records on send

You can add bundle identifier of host application to each event that is recorded to database. Then when reading those event from database and before sending those events to your backend you can filter them by bundle identifier of host applications so you can exclude unneeded events.

This might be a more hackier approach then previous but still might work.

Steps to Reproduce

Pre-requesites

For correct observation of this issue we need two different apps and two different API keys for SDK. I prepared test application which with few modifications will correctly reproduce this issue. We will change bundle identifier of application so we can emulate two different apps using Amplitude.

Steps

  1. Pull repository with submodules from this link (https://github.com/esphynox/AmplitudeMacOSTest)
  2. Open TestViewController.swift file and replace API_KEY_1 & API_KEY_2 strings with correct API keys.
  3. Disable internet connection.
  4. Run application
  5. Observe that event is written to /Users/<username>/Library/com.amplitude.database
  6. Change bundle identifier of app from com.esphynox.AmplitudeTest1 to com.esphynox.AmplitudeTest2.
  7. Run application
  8. Observe that second event is written to /Users/<username>/Library/com.amplitude.database
  9. Enable internet connection.
  10. Go to Amplitude dashboard of application that used API_KEY_2 and observe that there is two Launch events from com.esphynox.AmplitudeTest1 and com.esphynox.AmplitudeTest2 applications.

Environment

  • SDK Version: v8.3.0
  • Device: MacBook Pro (13-inch, M1, 2020)
  • OS Version: macOS 11.1 (20C69)
@esphynox esphynox added the bug Something isn't working label May 15, 2021
@dantetam
Copy link
Contributor

Hello @esphynox ,

Thank you for the very detailed explanation and in depth steps to reproduce and solve the issue. We will look at this next sprint 5/24 - 6/4. This is a very interesting write-up on the intricacies of file system behavior for multiple iOS apps in certain conditions.

We will definitely test this ourselves. We will have to consult within our team to recognize the implications of sandboxing an event and if we can actually receive events from sandboxed apps in production. Also, if we intended this as an architectural decision for Amplitude SDKs and if there's a security concern.

Dante

@esphynox
Copy link
Author

Alright, cool. Thanks!

@esphynox
Copy link
Author

esphynox commented Jun 7, 2021

Hi there. I would be really grateful for any updates on this issue.

@yuhao900914
Copy link
Contributor

Hi @esphynox, Thanks for your patient. I'm working on this right now.
I'm able to reproduce this issue by following the steps. Trying to investigate what's the best solution for this.

@esphynox
Copy link
Author

Hi there, @yuhao900914. Is there any updates for this issue?

@yuhao900914
Copy link
Contributor

@esphynox
Hi there.
For improving the performance issue, we are removing saving each event into SQLite, which will resolve the unsandbox issue.
So it might take more time on fixing this. But we are actively working on this.

@esphynox
Copy link
Author

esphynox commented Aug 4, 2021

Hello there, are there any updates?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants