Don't Android apps that talk to the network need permissions to do so?
This app isn't listed as needing permissions to access anything other than the camera.
I'm developing a tool for iPhone to help create encrypted paper wallets and plan to put it in the app store. The idea is that you can put your passphrase into the tool, the tool will assist you in ordering paper wallets from someone else that require your passphrase, but without actually divulging the passphrase. The tool will also verify (via scanning QR codes) that the paper wallets you receive are legitimate and that they're really encrypted with your passphrase.
I wish there were a more robust way for users to know it's not leaking their passphrase. I will be releasing the source, and at least the binary will be signed, but the average iPhone user isn't going to be able to compile or install it without payware.
I suppose, at least, that someone interested in compiling this tool themselves could just do that with my desktop utility.
there are several ways to bypass this which arent fixed to date!This app isn't listed as needing permissions to access anything other than the camera.
I'm developing a tool for iPhone to help create encrypted paper wallets and plan to put it in the app store. The idea is that you can put your passphrase into the tool, the tool will assist you in ordering paper wallets from someone else that require your passphrase, but without actually divulging the passphrase. The tool will also verify (via scanning QR codes) that the paper wallets you receive are legitimate and that they're really encrypted with your passphrase.
I wish there were a more robust way for users to know it's not leaking their passphrase. I will be releasing the source, and at least the binary will be signed, but the average iPhone user isn't going to be able to compile or install it without payware.
I suppose, at least, that someone interested in compiling this tool themselves could just do that with my desktop utility.
http://www.defcon.org/images/defcon-18/dc-18-presentations/Lineberry/DEFCON-18-Lineberry-Not-The-Permissions-You-Are-Looking-For.pdf
there's another security issue where u can use the internal browser to create a tunnel outside (couldnt find the link, altough didnt search long) and therefore the app dosnt need any permissions.
therefore u cant know if its secure unless u test it in a sandbox or got the sourcecode.
