Comment on I'm playing Pokemon HeartGold on my iPhone and I love it!
LazaroFilm@lemmy.world 1 year agoThe code is open source for both Ignited and SideStore. You can check it on GitHub for SideStore and Ignited. The chance of malware in open source is much lower since you can decide to compile your own if you like.
stevedidwhat_infosec@infosec.pub 1 year ago
While the likelihood is lesser, and open source technologies are helpful for finding bugs, they are not a guarantee and their degree of effectiveness is questionable. Especially with the rate at which AI continues to improve, making the likelihood that an AI could detect a vuln in the code and relay that info to a hacker much higher than before.
I’m a professional in this field, and have first hand experience with the matter. I understand you’d like to defend your post and the product but this is quite misleading.
I’m not saying this is a virus, but it increases the chances that you could get hacked, and you should consider if playing Pokémon on your phone is worth that risk. That is all.
LazaroFilm@lemmy.world 1 year ago
I understand what you say, but that could be said of any software you install. Like I said I have less faith installing Temu from the official AppStore than Ignited from the SideStore. Ai is definitely making things harder to oversee by its black box nature. Thake any software from the internet with the obvious care needed but this specific software doesn’t warrants any more warning than any other software you download then install. And the back that you can go through its code yourself allows to have actually a better understanding of what it will run on your device vs an AppStore where the only precaution is a footnote bullet point in the app’s page.
stevedidwhat_infosec@infosec.pub 1 year ago
You’re still trying to muddy the waters here. Stop talking and start listening, please.
I am not making any claims about anything being better or worse. I’m laying out possible issues and the fact that this is an additional risk which may or may not be worth it.
All I’m doing is laying out the facts and letting people judge for themselves. Ik you like the product, but why are you trying to ride for them so hard? Why are you being so defensive over my relaying of information and warning others?
I’ll play ball.
First off, no Chinese app should be trusted at this point purely based off of chinas APT groups and corporate espionage. So, yes, fuck Temu too.
Second off, you’re zooming out to hide the facts of the details. Free games and emulator apps are statistically higher than baseline to either contain malware or will contain malware in the future (whether or not that’s because they got hacked or if the devs were always hackers - it does not matter. The fact remains it’s more risky)
Being able to go through the code is fine until you recognize that sometimes code accesses other code elsewhere that is not open source. Which means you don’t get to account for that when considering if the product is safe AND secure code.
I’m not going to keep arguing with you over this, it was a simple heads up about the statistical likelihood of such an app (which already is fucking bypassing apples secure store to get and requires a PC) being a threat to its users at some point or another. End of story
Prethoryn@lemmy.world 1 year ago
Student in IT with a digital forensics degree but, “that could be said with any software you install.” That’s not how security works you shouldn’t think about, “am I vulnerable because all software and hardware is vulnerable.” You should consider it like, “how likely am I at risk of being hacked with this software/hardware.” What is the trust worthiness.
Like consider this would you buy a gun from a stranger or from an official source. Which is likely to get you on a radar for a stolen weapon.
I absolutely love pokemon and I mean that with passion. I have an original, Gameboy, Gameboy SP, Nintendo DS, and 3DS with all of their corresponding Pokemon games, Crystal, Fire red, Leaf green, ruby, etc like genuinely love the game but I am absolutely wary of anything that runs well on iOS or Android unless I know where it is coming from.
While you might be fine what you should be aware of is that iOS doesn’t just always allow this kind of thing.
Additionally, compiling your own code from GitHub also doesn’t mean anything. Open Source is great but the chances of malware being less of a thing aren’t exactly true. I hope you enjoy the game but when their are actual security experts (I am not including myself in that category) telling you to be wary. I would consider those statements.