Search Unity

  1. Unity 2019.2 is now released.
    Dismiss Notice

Unity Hub - a security risk?

Discussion in 'Unity Hub' started by transat, Oct 13, 2019.

  1. transat

    transat

    Joined:
    May 5, 2018
    Posts:
    272
    I've updated my mac to Catalina. That OS warns you when apps try to gain access to certain parts of the system. For Unity Hub, I was asked... if I wanted to allow the Hub to access keystrokes from any other application I use. Hmm. Please explain, Unity!
     
    luispedrofonseca likes this.
  2. transat

    transat

    Joined:
    May 5, 2018
    Posts:
    272
  3. luispedrofonseca

    luispedrofonseca

    Joined:
    Aug 29, 2012
    Posts:
    788
    I just got this message and I'm curious as well. Why would Unity Hub need access to "keystrokes"?
     
    mkracik likes this.
  4. AbrahamDUnity

    AbrahamDUnity

    Unity Technologies

    Joined:
    Jun 28, 2017
    Posts:
    377
    Hi @transat,

    This was related to Catalina security requirements in Unity. Since the Hub launches Unity it detected the Hub as wanting to listen for keystrokes. This issue was fixed in the Editor so chances are you won't see this in future releases.

    Cheers,
     
    transat likes this.
  5. transat

    transat

    Joined:
    May 5, 2018
    Posts:
    272
    Now it's wanting to "record my screen"! :-/
     
  6. AbrahamDUnity

    AbrahamDUnity

    Unity Technologies

    Joined:
    Jun 28, 2017
    Posts:
    377
    Again, I'm unsure of what kind of warnings Catalina might display. I can assure you the Hub isn't trying to capture your keystrokes, screen content, funny cat pictures etc. Please remain patient. We're working hard on supporting the new MacOS release.
     
    transat likes this.
  7. transat

    transat

    Joined:
    May 5, 2018
    Posts:
    272
    I clicked on "approve" when it asked for my funny cat pictures. The world needs to see them.
     
    AbrahamDUnity likes this.
  8. SultanFreeman

    SultanFreeman

    Joined:
    Oct 23, 2019
    Posts:
    1
    well i installed Unity hub on Catalina OS today but i can't open it
     

    Attached Files:

    CatastropheZero likes this.
  9. AbrahamDUnity

    AbrahamDUnity

    Unity Technologies

    Joined:
    Jun 28, 2017
    Posts:
    377
    Yes @SultanFreeman, that's what this thread is about. We're working on it.
     
    CatastropheZero likes this.
  10. luispedrofonseca

    luispedrofonseca

    Joined:
    Aug 29, 2012
    Posts:
    788
    Hey @AbrahamDUnity, any update on this? This is a pretty serious security issue and the lack of a reasonable explanation as to why it's happening is concerning to say the least.
     
  11. safaGH

    safaGH

    Unity Technologies

    Joined:
    Mar 12, 2019
    Posts:
    147
    Hello, We are working on the notarization of the hub and it will be shipped with the version 2.2 of the hub. There is no security issues to be worried about, it's just that Catalina has higher requirements for applications to be considered secure.
     
  12. luispedrofonseca

    luispedrofonseca

    Joined:
    Aug 29, 2012
    Posts:
    788
    Thanks @safaGH, but saying that it's going to be fixed on the next release doesn't explain why the Hub is currently asking for permission for recording the screen and access for keystrokes.
     
  13. AbrahamDUnity

    AbrahamDUnity

    Unity Technologies

    Joined:
    Jun 28, 2017
    Posts:
    377
    Hi @luispedrofonseca,

    Like my colleague mentioned we are putting most of our efforts towards this for our next release. You can expect an update in the coming weeks. As I wrote earlier this is happening because of Apple's stricter security policy which requires us to update a significant portion of our framework dependencies. I hope this clarifies the situation.

    Cheers,
     
  14. AbrahamDUnity

    AbrahamDUnity

    Unity Technologies

    Joined:
    Jun 28, 2017
    Posts:
    377
    Also the messages about recording screen and keystrokes are not necessarily related to the Hub. Since the Hub launches Unity these warnings may also be related to the editor (which are also addressed by other teams in parallel). In any case you can expect all these warnings to go away once we address the issue.
     
  15. luispedrofonseca

    luispedrofonseca

    Joined:
    Aug 29, 2012
    Posts:
    788
    Sorry @AbrahamDUnity, but it doesn't. You're telling me exactly the same thing your colleague did. "It's going to be fixed soon".
    What I want to know is why it is happening right now, on the current version!

    [EDIT]

    You made a second reply while I was writing. That makes a bit more sense but still a bit weird to be honest. Looking forward for the next release.
     
  16. AbrahamDUnity

    AbrahamDUnity

    Unity Technologies

    Joined:
    Jun 28, 2017
    Posts:
    377
    Also @luispedrofonseca, let me be clear on a few points:
    • The Hub does not and never has attempted to record users's screens.
    • The Hub only listens for keystrokes when one of its windows is open and focused (for capturing form inputs and shortcuts) and never has attempted to record keystrokes at any other time.
    We are as confused as you are about those warnings and hope that this is just an issue with the way MacOS treats our application until we submit it to them for verification (notarization). We are also testing locally with Catalina to make sure our latest release no longer shows these warnings.
     
    IvanWullems and luispedrofonseca like this.
  17. luks0r

    luks0r

    Joined:
    Apr 7, 2015
    Posts:
    2
    Thank you Abraham. Currently I cannot install any version of Unity2019.2 on OS X Catalina 10.15.1.

    When I attempt to install from the Hub, it fills up the downloaded progress bar and then just disappears, doing nothing and signaling nothing in the Security Settings panel.

    If I attempt to install Unity 2019.2.11f1 via the Mac downloader, it says "Unity Download Assistant" can't be opened because Apple cannot check it for malicious software".

    I'm assuming this is what is resolved in Unity Hub 2.2, and this is what this thread is about. Am I missing any other workarounds or am I stuck on waiting until 2.2 is released?

    Thanks,
    -Steve
     
  18. AbrahamDUnity

    AbrahamDUnity

    Unity Technologies

    Joined:
    Jun 28, 2017
    Posts:
    377
    @luks0r please report a bug in the Hub's bug reporter. We may be able to gather something from your logs. If you wish to follow up the conversation in the forums please open a new thread as this isn't directly related to Hub support for Catalina (since from what I understand you went past the security warning).

    Thanks,
     
    luks0r likes this.