Windows 10 UWP app bug could steal your data without you knowing

Person reading on laptop

Windows 10’s security woes appear to continue, with a bug apparently found in the code for UWP (Universal Windows Platform) apps that could allow hackers to access your hard drive and steal your data without you knowing.

What’s particularly worrying about this bug, which is explained in depth by Sebastien Lachance, a senior developer who specializes in Windows apps, on his website is that Microsoft has been extolling the security virtues of using UWP apps in Windows 10 (as opposed to regular programs and applications) due to them being run separately from the rest of the operating system.

While UWP apps should run in what's known as a ‘sandbox’ mode, so that they don't have access to your files and folders, the broadFileSystemAccess API allows apps to access your hard drive and files. In legitimate apps, this is necessary if it needs to be able to open, edit and save files to your PC (such as with an image-editing Windows 10 app).

When an app uses the API and makes use of this feature, a window is supposed to appear alerting users and asking for their permission. However, the recently-discovered bug means this doesn’t happen. So, users don’t get asked for permission or alerted to the access, and the apps are granted full system access by default.

As you can imagine, this is a serious security breach.

October 2018 Update to the rescue

The good news is that Microsoft has apparently fixed this problem with the Windows 10 October 2018 Update, so if you haven’t already installed this then now is the time to do so, especially if you use a lot of Windows 10 UWP apps.

Our guide on how to download and install the Windows 10 October 2018 Update will take you through the necessary steps.

While this fix is welcome, the existence of the bug is a blow to the security claims Microsoft has made about Windows 10 apps downloaded from the Windows Store.

While it’s not clear whether any malicious apps that exploit the bug have been added to the store, Microsoft has been criticized in the past for its lax approach to supervising the Windows Store, compared to Apple and Google and their respective app stores.

Matt Hanson
Managing Editor, Core Tech

Matt is TechRadar's Managing Editor for Core Tech, looking after computing and mobile technology. Having written for a number of publications such as PC Plus, PC Format, T3 and Linux Format, there's no aspect of technology that Matt isn't passionate about, especially computing and PC gaming. He’s personally reviewed and used most of the laptops in our best laptops guide - and since joining TechRadar in 2014, he's reviewed over 250 laptops and computing accessories personally.