Comment by ranger_danger
2 months ago
Not only can most apps see the titles of all other open windows on the system, but they can log all your keystrokes, take screenshots, record audio/video of you or your screen, or copy/delete all the files in your home directory, without any explicit permission or notification.
This is at least true for Windows and most traditional (X11 at least) *nix systems.
That is one thing I think Android got right... by default it runs every application as a different user. That means different home folders and no visibility into other apps.
Originally Android apps could draw over top of any other app though which is a phishing nightmare. It took them a long time to make that a permission, and then everyone granted it until they finally added the bubbles API recently.
Permissions are difficult to get right, and Android is unfortunately pretty slow to react.
On windows you shouldn't be able to do (most of) these directly with apps running under admin, though that's a small consolation when the browser is a normal process.
I'm not sure if we'll get away from these anytime soon as any out of the box solution will inherently limit the user's freedom that has persistently been there for decades on PCs
I have absolutely done all of these things on Windows, even for commercial applications. Programs that keylog (i.e. calls SetWindowsHookEx) sometimes get tagged by antivirus though.