Submitted 8 months ago by gitgud@lemmy.ml to technology@lemmy.world
An app that helps users track ICE agents
Stop recommending this shit ffs. Its super suspicous, closed source and intransparent in its operation. If the feds raid this guys house and push a malicous version, all the users are fucked. This is not a good app to recommend.
Do you believe the independent security analysis of the app to be malicious then?
When you do business with companies in certain industries not only is your software audited but your entire development process, business processes and staff are audited.
It’s not unreasonable to question a closed source application for something like this as one version was audited, but what about the next?
How do we know their dev process hasn’t been compromised? Or the person building app wasn’t compromised? Or that the entire thing was not compromised from the start?
Likewise, an audit without full access to code isn’t useless, but hiding behavior from an audit and for a certain period of time would be straight forward. How do you know there is not a dormant command and control system in the app that will cause it to behave in a malicious manner after a set amount of time or after a specific push notification is received?
I am not saying this is present, just that Audits like this are only able to catch what they can observe and the existence of an audit does not mean to blindly trust something
Having the App be open source would be a big step towards providing the transparency needed to address these concerns users would not have to trust anyone and can confirm the builds on the app stores match what is on their Git.
I am not pointing this out to jump on the “Don’t use this app” bandwagon. I am pointing it out to say that there are reasons to be skeptical of these sorts of things in our current political climate.
Remember Sabu and LulzSec
prettybunnys@sh.itjust.works 8 months ago
I’ve seen this app panned by folks who don’t like that it’s iOS only and the legitimate concerns they have about anonymity with android, even if you’re on graphene or the like.
Their concerns regarding push notifications on android are legitimate, they’re basically saying “we don’t want to collect data on our users and android would necessarily require this for push notifications to work”.
defaultusername@lemmy.dbzer0.com 8 months ago
My main concern is that the app isn’t open source.
Ulrich@feddit.org 8 months ago
There are no legitimate concerns outside of iOS. The dev doesn’t know what they’re talking about. Apple and Google have identical privacy flaws in their notifications. The difference is only 1 platform allows you to use a different notification system entirely. And only 1 platform allows you to download apps without logging who is doing it.
prettybunnys@sh.itjust.works 8 months ago
Please could you explain what you mean here?
NuXCOM_90Percent@lemmy.zip 8 months ago
I would argue more that anyone grabbing this from the app store is painting a target on their back. It doesn’t matter what permissions it does or does not have: You are now giving a mega company run by a c-suite that have demonstrably bended the knee to a fascist information that you care about this.
Push notifications are incredibly valuable. I still argue that doing it through a dedicated app at all is idiotic and it should instead be through a semi-anonymous chat system like Signal or Matrix and the like and get group blasted.
LibertyLizard@slrpnk.net 8 months ago
Link?
prettybunnys@sh.itjust.works 8 months ago
To which bit?