App Creator

josephfoboyle.id · February 18, 2019, 3:00pm

How does an app creator/developer get vetted? My concern is I am trying to contact some app developers and never here back from them. If I decide to use app like mywhereabouts and blockvault, They both store sensitive information, How do I know the developer isnt funneling that data to another repository plus my own?

In my profile it also shows the apps I have tried (maybe use, maybe dont). What if I dont want people to know I use that app?

Thanks

friedger · February 18, 2019, 3:51pm

You probably should only use apps that are open source so it give you trust and the ability to continue using the app when the app publisher stops supporting the app. The blockstack browser will (hopefully in the soon future) give you access to your own data even without asking the developer for support.

If you don’t want to publish that you are using an app the app developer should remove the permission to publish data in you name from the app (or provide a “private” clone with less features) If it is open source it is probably easy.

josephfoboyle.id · February 18, 2019, 4:11pm

@ friedger, you always are a wealth of knowledge. Thanks again. I agree with you, why are these apps on product hunt and app.co without the code being vetted (on github, owner verified condition of some sort, etc). I dont think they should be on either of those platforms without the code being open source.

How would I go about doing this?

If you don’t want to publish that you are using an app the app developer should remove the permission to publish data in you name from the app

friedger · February 18, 2019, 11:19pm

Currently, there is little you can do, other than asking the developer to rethink whether that permission is still needed.

josephfoboyle.id · March 6, 2019, 4:56pm

Can you tell me what the app uses the data for? Some apps use and some don’t. I also notice that it sometimes takes days to write it to my profile.

Also do you know what the “graph” parameter is used for?
“graph”: {
“url”: “https://s3.amazonaws.com/grph/josephfoboyle”

Thanks for your help

alexc.id · March 9, 2019, 6:12am

I agree with you, why are these apps on product hunt and app.co without the code being vetted (on github, owner verified condition of some sort, etc). I dont think they should be on either of those platforms without the code being open source.

@josephfoboyle.id, open sourcing an app is a largely political move. You don’t know if the code provided in git is actually what you are running. Professionals decompile code and examine that–for example the NSA: https://www.nsa.gov/resources/everyone/ghidra/.

Ultimately you can take that route or decide upon a criteria for trusting a developer. Similar to yourself and @friedger, I’m more likely to trust a developer that open sources their product, but that would be an insufficient criteria for something that I would allow to access my passwords.

nguyenloc · March 10, 2019, 3:16pm

Google slogan is “Don’t be evil” and Muneeb said it should be “Can’t be evil”

Doesn’t close source code belong to “Don’t be evil” philosophy?

josephfoboyle.id · March 11, 2019, 5:51pm

@alexc Thanks for the knowledge. I agree, the key is to trust the developer. Thats a very astute assessment. I have to think about that more. Be well