Hey guys, I know that one of the big features of Chromebooks is that they almost never get viruses because the "Apps" are Web based, and are not actually written onto the machine.

So my question is, do the new Packaged Google Apps open us up to security threats, because they behave like traditional local software? Or are they just as secure as the Web Apps? Thanks!
They still are sandboxed and run within the Chrome environment, so there's nothing you really need to worry about. However, pay attention to the permissions they ask for.
Developer here, packaged Apps are more secure than traditional desktop apps, but less secure than web apps. Chrome Apps have additional APIs not available on the web, such as access to raw TCP/UDP sockets. These APIs might have bugs, and that is a security risk.

However they are more secure than traditional desktop apps. In Mac and PC apps the developer has access to directly manipulate memory so anything is possible. Chrome Apps are sandboxed and the threat is probably similar to mobile apps. 
Chrome Security team member here. +Justin Loutsenhizer pretty much sums it up. Chrome Apps do have access to additional APIs, so it's important to pay attention to the permissions they ask for. However, even with access to those APIs, the code for the web apps runs inside the Chrome sandbox, which is significantly more restrictive than your normal mobile app.
I'm not a mobile app developer, but my understanding is that both Android and iOS apps are sandboxed as well. In what way is the Chrome sandbox more restrictive than those?
+Matthew Phillips the Android sandbox is basically a user id sandbox: every app in the system runs as a different user id, and that way the OS can control what different apps have access to. However, each user id still has access to a lot of system resources (file system, networking) if given permissions.

The Chrome sandbox denies all access to the file system and networking. The only thing the app and the renderer process in which the app is running can do is to ask the Chrome browser process for resources, even if the app has those permissions.

That way, if the Chrome app manages to exploit a bug in Chrome and execute code in the renderer process, it still has to ask the browser process for any resource, or find another bug to break out of the sandbox.

Moreover, Chrome implements another layer of sandboxing that restricts what processes can call in the kernel. This is the Seccomp-BPF sandbox, and basically guarantees that even if malicious code is executing in the renderer, it cannot call crazy kernel functions that might allow it to locally escalate privileges (to the root user, for example).

The kernel includes a huge amount of code, so you need to restrict that as well in a sandboxed process.

Notice that I haven't even discussed Verified Boot in Chrome OS, which guarantees that your system is always free from malware.
+Matthew Phillips Two different things here. If we're talking about Packaged Apps running on something like Windows or OS X, you're essentially just running code inside of the Chrome executable (it's acting like a virtual machine at this point, not a browser). All this does is give you access to some additional APIs (see here: http://developer.chrome.com/apps/api_index.html). It's still "sandboxed" in the sense that Chrome isn't going to let you jump out and start messing with memory or other disk locations.

So, coming back to your question-- Android is Windows in this scenario. An Android app has access to all of the native OS APIs, and can, for the most part, do what it wants (with your permission, hopefully.)

So, in summary: chrome.* APIs vs native OS APIs = more security (and thus, more flexibility and portability!)
Excellent. Thank you all for your input. This information really puts my mind at ease about using all Chrome apps. As long as I use common sense (like checking permissions), I am confident that I'll be safe using my Chromebook. Thank you again.
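
An added example, not part of the original thread and not written by any of its participants: a small Python check that lists the entries in a Chrome App's manifest.json that go beyond what a web page gets, such as the raw TCP/UDP socket access mentioned above. The sample manifest and the `NEEDS_REVIEW` policy table are constructed for illustration.

```python
import json

# Constructed manifest.json for a hypothetical packaged app (not a real product).
SAMPLE_MANIFEST = """{
  "name": "Example Terminal", "version": "1.0", "manifest_version": 2,
  "app": {"background": {"scripts": ["background.js"]}},
  "permissions": [
    "storage",
    {"socket": ["tcp-connect:*:*", "udp-send-to::8899"]},
    {"fileSystem": ["write"]},
    "<all_urls>"
  ],
  "sockets": {"tcp": {"connect": "*"}}
}"""

# Reviewer's policy table: an assumption of this example, not a Chrome-defined list.
NEEDS_REVIEW = {
    "socket": "raw TCP/UDP sockets",
    "fileSystem": "user-chosen files outside the app's storage",
    "usb": "direct USB device access",
    "serial": "serial port access",
    "<all_urls>": "requests to every host",
}

def audit_manifest(manifest_text):
    """Return sorted (permission, detail, reason) tuples for entries worth a closer look."""
    manifest = json.loads(manifest_text)
    findings = []
    for entry in manifest.get("permissions", []):
        # An entry is either a plain string or a one-key object carrying parameters.
        items = entry.items() if isinstance(entry, dict) else [(entry, None)]
        for name, params in items:
            if name in NEEDS_REVIEW:
                detail = ", ".join(params) if isinstance(params, list) else ""
                findings.append((name, detail, NEEDS_REVIEW[name]))
    # The newer chrome.sockets.* APIs are declared under a top-level "sockets" key.
    for proto, rules in manifest.get("sockets", {}).items():
        detail = json.dumps(rules, sort_keys=True)
        findings.append(("sockets." + proto, detail, "raw TCP/UDP sockets"))
    return sorted(findings)

if __name__ == "__main__":
    for name, detail, reason in audit_manifest(SAMPLE_MANIFEST):
        print(f"{name:14} {reason:45} {detail}")
```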