All of that is about protecting secrets at rest on the device. It is of no protection at all if an application simply asks the secure-whatever for them and then proceeds to email them all to someone else.

The secrets in the keyring of my secure boot protected, full disk encrypted laptop are exactly as secure until I boot it up and unlock the keyring for D-Bus.

> It is of no protection at all if an application simply asks the secure-whatever for them and then proceeds to email them all to someone else.

On Windows the application can specify some extra entropy/salt, and the secret is not decryptable without it[1]. So it's a tad more difficult to exfiltrate than simply asking for it.

[1]: https://learn.microsoft.com/en-us/windows/win32/api/dpapi/nf...
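Added illustration of the extra-entropy behaviour described in the comment above (not the commenter's code). It assumes Windows PowerShell 5.1 on Windows, where the .NET ProtectedData wrapper over CryptProtectData/CryptUnprotectData is available; the token and entropy values are constructed samples.

```powershell
# Load the .NET wrapper over DPAPI (CryptProtectData / CryptUnprotectData).
Add-Type -AssemblyName System.Security

$scope   = [Security.Cryptography.DataProtectionScope]::CurrentUser
$secret  = [Text.Encoding]::UTF8.GetBytes('ghp_constructed_sample_token')  # constructed sample secret
$entropy = [Text.Encoding]::UTF8.GetBytes('per-application-entropy')       # hypothetical app-held value

# Protect the secret under the current user's DPAPI master key AND the extra entropy.
$blob = [Security.Cryptography.ProtectedData]::Protect($secret, $entropy, $scope)

# Same user, same entropy: decryption succeeds.
$plain = [Security.Cryptography.ProtectedData]::Unprotect($blob, $entropy, $scope)
"With entropy:    " + [Text.Encoding]::UTF8.GetString($plain)

# Same user, but without the entropy: CryptUnprotectData rejects the blob,
# so merely running as that user is not enough to read the secret.
try {
    [void][Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $scope)
    "Without entropy: decrypted (unexpected)"
} catch [Security.Cryptography.CryptographicException] {
    "Without entropy: " + $_.Exception.Message
}
```

The entropy only raises the bar for a process that can already run as the same user; anything that can read the entropy from the application itself can still unprotect the blob.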

Which is still protecting secrets at rest.

What are people not getting about this? The point of a shared keyring is to enable applications to share secrets. My git tokens are shared between git, my IDE, various scripts etc.

This discussion highlights the exact issue: people don't even understand what problem or use case they are actually solving.

From what I read here, the problem is that EVIL.app can read your git tokens, too, without you having anything to say about it.

Yes, you want a system that allows sharing of those tokens between various tools, but you also want the user to be in control of which tools can share them.

Android apps can never exfiltrate each other's secrets using the secret manager. Even while the apps are running. Same goes for iOS apps. You can maybe trick them into leaking their session tokens using weird browser exploits, but it's entirely up to the app developer to make that happen.

Windows' Credential Guard (https://learn.microsoft.com/en-us/windows/security/identity-...) is explicitly designed against the "dump all secrets while the system is running" approach.

Even Mimikatz requires exploiting design vulnerabilities and requires administrator access.

If you can break the kernel and all the safeguards the kernel has against secret exfiltration, you may be able to decrypt data from other applications, but it's not like on Linux environments where any application running as any standard user can dump the entire credential database by just asking.

Keychain access can be limited with ACLs, enforced with code signing signatures as well on iOS and more so on macOS where the “keychain” can still be the older file based type.

There are secrets I cannot export from my system keychain without disabling SIP on my Mac.

You believe any Android or iOS app can exfiltrate all stored secrets?