MacOS – Windows VNC app that can ask a Mac user (via apple id) to share their screen

apple-id, macos, remote desktop, screen-sharing, windows

On macOS UserA can ask UserB to share their screen simply by entering UserB's Apple ID into a "New Connection" window in the macOS Screen Sharing app. Then, by some magic, Apple delivers the request to UserB as an alert on UserB's Macs, anywhere in the world:

| UserA would like to view your screen. [Accept] [Decline] [Block User]

Is there a Windows screen sharing app that UserA can use to make a connection in this way?

“Why do I ask?”, you ask.

  1. Why VNC? I already have to trust Apple because I run their OS, so for security it doesn’t make sense to hand over screen sharing on the server to a third party server-side app (including man-in-the-middle-attack opportunities for keyboard and mouse scraping). Apple provides VNC server software in macOS.
  2. Why not use an open port for VNC (via password-protected login)? An open port is an invitation to get pounded with connection attempts 24×7. Any person/bot with a stolen username/password pair can get in at any time, 24×7.
  3. Why do I want the Apple ID trick? I want a human to have to be there at the server to approve each connection request. Also the trick works without an open port on my server. An Apple server does that for me by fielding connection requests.

Actually, letting any app on a non-Apple OS act as a VNC client is a bad idea for security reasons (see #1), so it seems the only good solution is to allow connections only from Apple's VNC app, running on macOS. And it seems clear that a client app that can do the Apple ID trick is not going to exist on any non-Apple OS (or on iCloud.com in a browser).

So my question is moot.

Best Answer

Must it be VNC? Must the connection use the AppleID to point to the desired computer? If so then not likely. I expect that Apple guards dearly how their servers work in getting an AppleID to point to a specific computer screen. There are other screen sharing systems besides VNC, some of which have a similar means to request a screen sharing session by entering some unique identifier for that person. It's not likely to be their AppleID except by coincidence that the person uses the same name for their AppleID as they use for their ID on this other system.

Since you specified VNC in the question I suspect that you are aware that the macOS screen sharing system is using the VNC protocol, and that with a VNC client on Windows one can establish a screen sharing session to a macOS computer. Apple extended the VNC protocol to make this request by AppleID work so smoothly. Replicating that will not be easy.

The use of an AppleID to connect to another person's computer works because Apple's servers are a central point of contact for the client and server to meet for establishing this connection. Getting something like that will mean finding or creating a similar central point of contact.

There are dynamic domain name services that can allow an ID to follow a person or computer as the IP address changes. Changes in the IP address can be from either the ISP moving it randomly as ISPs like to do for non-commercial users, or because people move their computer from a home network to a cellular hotspot when away from home. This will not always be sufficient as there can be firewalls or something that can block a VNC connection. These may be intentionally created blocks for security reasons, or merely coincidental to how a part of the network is configured. Clearing such hurdles may not be trivial.

Both people using a VPN client to some central network can allow for the Windows VNC client to find the Mac VNC server by use of an unchanging ID no matter where either computer might be. The network could be one a business or university uses for people to work or study at home. Such networks might even allow for an ID for the Mac computer to not be some pseudorandom sequence of letters. Setting up one's own network with VPN access is not likely to be trivial, and can run into the same shifting IP address problems if there's no commercial grade internet connection. Using some commercial VPN service may or may not make establishing a VNC session any easier as their business model might not have peer to peer connections in mind.

Using an AppleID on Windows is not likely to work since Apple isn't in the business of making Windows easier to use. Some alternative like a dynamic domain name or a VPN might get real close to offering a means to create a kind of user ID to enter as an address for a VNC client to use. The many options on this and how each would be set up would provide enough material for a good sized book or a semester long course at a university. Hopefully I gave some ideas on where to start looking for a solution.
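If the VPN route from the answer is used, the open-port concern in point 2 of the question can be checked from your own machines. The following is an added example, not part of the original question or answer: it tests whether an address answers with the VNC (RFB) greeting on port 5900 and flags any address that is exposed when it should not be. The function names and the two sample addresses are assumptions made for illustration.

```python
import socket

RFB_PORT = 5900  # default port for VNC / macOS Screen Sharing


def read_rfb_banner(host, port=RFB_PORT, timeout=3.0):
    """Return the RFB ProtocolVersion string if a VNC server answers, else None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            data = b""
            # The server speaks first: exactly 12 bytes, e.g. b"RFB 003.008\n".
            while len(data) < 12:
                chunk = sock.recv(12 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError:
        return None  # closed, filtered, timed out, or unreachable
    if len(data) == 12 and data.startswith(b"RFB ") and data.endswith(b"\n"):
        return data[4:11].decode("ascii", "replace")
    return None  # something answered, but it is not a VNC server


def audit_exposure(addresses, port=RFB_PORT, timeout=3.0):
    """addresses maps address -> should_be_reachable. Return a list of findings."""
    findings = []
    for addr, expected in addresses.items():
        version = read_rfb_banner(addr, port, timeout)
        reachable = version is not None
        if reachable and not expected:
            findings.append(f"{addr}:{port} answers as VNC (RFB {version}) but should be closed")
        elif expected and not reachable:
            findings.append(f"{addr}:{port} expected to serve VNC but did not answer")
    return findings


if __name__ == "__main__":
    # Constructed addresses: 203.0.113.10 stands in for the Mac's public IP,
    # 10.8.0.2 for its address inside the VPN. Replace both with your own.
    for line in audit_exposure({"203.0.113.10": False, "10.8.0.2": True}):
        print(line)
```

Run the public-address check from a network outside your own, since a router may answer differently for connections that originate inside the LAN.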