API access authorization revisited
On October 19, I blogged about a change in the way Skype for Windows handles the attempts from new programs trying to access the public API. The change was implemented in Skype for Windows 220.127.116.11 (beta), released on October 24.
Since then, we’ve received a lot of developer feedback, and continued our internal discussions as well. Based on this additional input, we’ve reached a different solution which I’ll describe in detail below. Having a better solution at hand also means that this interim change will be rolled back and the upcoming gold release of Skype for Windows 3.6 will handle the API access requests exactly as the earlier versions did.
The new solution, for which we don’t have a fixed release date yet, is based on adding central blacklist and whitelist to the already-present local API access control list (ACL). What will happen when an application tries to connect to the Skype client API, depends on which list — if any — the application is on, and whether the user has already allowed or denied it to use the API.
How will this work?
- First (for all API connection attempts), the central blacklist is checked. If the application is centrally blacklisted, it will not be allowed to access the Skype client API, and the user will be notified.
- Then (for applications that are not blacklisted centrally), the local ACL is checked to see whether the application is already known to the user. If so, it will be allowed or denied access to the API according to the user’s choice, and no warnings will be displayed. This is identical to how it works with the earlier versions of Skype.
- Third (for applications that are new to the user and not centrally blacklisted), the central whitelist is checked. If the application is whitelisted, it will be given access to the API and marked as “allowed” in the local ACL. No warnings will be displayed to the user, but the user may later deny the application API access via Tools – Options if he so wishes.
- Finally (for applications that are new to the user but neither blacklisted nor whitelisted centrally), an event notification will be generated, and the user can then open the “old-style” API access authorization dialog by clicking on the missed event flag.
What’s in it for users?
- Increased security — malicious software will no longer be able to easily fire coordinated mouseclicks into the API access authorization dialog.
- Increased ease of use — Skype Certified software and drivers for Skype Certified hardware will “just work” without the API access dialog ever popping up.