• gsv@programming.dev · 10 days ago

    Maybe the security expert could read the readmes in the repos first. From the iOS app repo:

    The initial development release has reduced security, privacy, availability, and reliability standards relative to future releases. This could make the software slower, less reliable, or more vulnerable to attacks than mature software.

    And further:

    If you’re planning to use this application in production, we recommend reviewing the following steps: […] The Pin storage configuration matches your security requirements, or provide your own by following this guide Pin Storage Configuration […]

    So the text hints not at design flaws but at facts that are already stated in the readme. <irony> Plus, the major source for the article is Pavel Durov, whose messenger is of course a standard in security and privacy. </irony>

    So there seems to be no news but a lot of speculation by Durov instead.

    • UnfortunateShort@lemmy.world · 10 days ago

      I really hope they manage to do this properly. I’m all for verification on the internet, but only if it is fast, secure and reasonably private. You can do it, but nobody has so far.

      • Kissaki@feddit.org · 9 days ago

        You can do it, but nobody has so far

        What’s your assessment of the German eID and AusweisApp2 that has been in use for many years?

        • UnfortunateShort@lemmy.world · 9 days ago

          I can say that it works fine for me, although I’m not up to speed regarding its security. I like that it explicitly tells me what kind of data is requested and by whom. The problem here is mainly low adoption. If they rolled the exact thing out EU-wide, it would probably gain more traction. It’s a joke they have no official Linux support despite having an Android app tho.