Skepticism is good but there has been an almost blind fanaticism about this.
Grapheme made a statement, correct as it may be it cast more shade on this app than necessary and that makes sense as they have a vested interest in pushing android as a more secure ecosystem than iOS as that’s their true rival in this space.
What I am getting at is it is worthwhile to be skeptical of all sides, not just take the word of a side that fits with your biases.
I’d expect, and personally would not continue to use this app otherwise, this app to receive continuous grey box analysis from independent security professionals.
Take what I’m saying with a grain of salt but I’ve done mobile device analysis professionally for some time wearing a number of hats and that’s the perspective I am speaking from
I have been on the other side of the equation professionally speaking.
I think we mostly agree.
The auditors were certainly not malicious, they can simply only see what they can observe.
Appealing to authority without explaining the caveats is risky to do and disingenuous to people who need to take security very seriously right now.
A potential vector or matter of concern does not mean there is a compromise. Without evidence of a hack or compromise you just have the idea that something could happen.
The app model in general has meant that we have given up tremendous amounts of privacy and security in general for the sake of connivence.
If I were the developer of this app I would’ve approached things from the inception with the question of “How do I get people to trust me who absolutely should not trust me?”
That said, it is always easier to tear down than it is to build.
If I were an at risk individual I would likely opt to use the app myself assuming I could share general location instead of specific location. In areas like LA there is likely a lot of data flowing in that would not help a malicious actor if the location is not specific.
Skepticism is good but there has been an almost blind fanaticism about this.
Grapheme made a statement, correct as it may be it cast more shade on this app than necessary and that makes sense as they have a vested interest in pushing android as a more secure ecosystem than iOS as that’s their true rival in this space.
What I am getting at is it is worthwhile to be skeptical of all sides, not just take the word of a side that fits with your biases.
I’d expect, and personally would not continue to use this app otherwise, this app to receive continuous grey box analysis from independent security professionals.
Take what I’m saying with a grain of salt but I’ve done mobile device analysis professionally for some time wearing a number of hats and that’s the perspective I am speaking from
I have been on the other side of the equation professionally speaking.
I think we mostly agree.
The auditors were certainly not malicious, they can simply only see what they can observe.
Appealing to authority without explaining the caveats is risky to do and disingenuous to people who need to take security very seriously right now.
A potential vector or matter of concern does not mean there is a compromise. Without evidence of a hack or compromise you just have the idea that something could happen.
The app model in general has meant that we have given up tremendous amounts of privacy and security in general for the sake of connivence.
If I were the developer of this app I would’ve approached things from the inception with the question of “How do I get people to trust me who absolutely should not trust me?”
That said, it is always easier to tear down than it is to build.
If I were an at risk individual I would likely opt to use the app myself assuming I could share general location instead of specific location. In areas like LA there is likely a lot of data flowing in that would not help a malicious actor if the location is not specific.