Disable dev tools in desktop app to prevent evil maid attacks

Disable dev tools in app:desktop to prevent evil maid attacks

Change function

  • Prevent evil maid attacks like briefly pointed out here: https://quasar.dev/quasar-cli/developing-electron-apps/electron-security-concerns#disable-developer-tools-in-production
  • An attacker could show a different webpage or introduce code to grab the password by using the dev tools
  • Though one might argue that the attacker could also install a keylogger or something else to get the password or perform other malicious actions, this heavily depends on the rights of the user. If he/she does not have administrative rights, keyloggers can not be installed. The barrier to alter the complete system is much higher than the one just altering the app for one session.
  • A successful attack can not be detected.
  • I do not see any benefit of having the dev tools enabled for the ordinary end-user. If one likes to use the dev-tools, one could manually build the app in dev-mode to get the tools.