Hmmm.
So, the need for vigilance will persist, though.
I wouldnt imagine that it takes many lines of code to extract keys.
Would github track a change to the code that made that change to the clone?
Or, would short term mods be invisible requiring constant review of the code?
You are viewing a single comment's thread from:
Whatever tool you use and where you input your keys, you are extending your trust to the devs and their security. It can happen that someone hacks an app and adds malicious code that will extract your keys and it will be very hard to detect and block that.
Wonderful.
Just a matter of time and luck at not being caught up in a hack.
It's worked this far, i guess.