RE: "My story with Partiko" contest ending in 4 hours

in #partiko, 6 years ago

This is me being overly paranoid, but I was just wondering if the SteemConnect flow could use the phone's native browser? The Android OS makes it sound like Partiko in theory could record your active key. Maybe I'm overestimating the risk here? It seems to have built a reputation that makes this not an issue, but I'm simply pointing it out because I feel like I'm not the only one with this question?

That and it's not yet open source so I cannot verify its behavior.

Great and professional question. We are using Android's native WebView; therefore, we don't know what's happening within the webpage, same with iOS.

The reason for not using the native browser is that it jumps back and forth, which is not as ideal as staying within the app.

In terms of open source, we have some thoughts on that. Open source does not make the software more secure; the team/community does. We have Linux as the greatest open source software ever, and we also have macOS and iOS that are extremely successful but closed source. If Partiko screws up, our users leave us and that's the worst punishment we can ever get. The market works out all by itself.

Whether we want to open source or not is up to the benefit to the project. Right now we see more burden and overhead than benefits, but that can change over time.

Thank you again for this great question.

Posted using Partiko Android

Ah, I figured as much. Yeah, with the open source thing I was supposing there was a way to verify via some signature that the code version on the Play Store matched what was in the repository, but probably even getting a system like that working properly and securely is non-trivial, and even keeping tabs on versions becomes burdensome even if possible, so in the end it'll ride much on developer trust, as you say. I already trust SteemConnect in this way ha....

Thank you for the response! In any case, I am not using the owner key and should be using my account in a way that if the active key does get exposed, its impact is not as high.

That's definitely the right way.

It's a pleasure to meet you.

Posted using Partiko Android