Breakout (App-Mining entrant) App.co Information Leads to Unsecure Domains, Breaking Apps

Quite punny, but regardless my browser takes data from App.co’s API, and the Breakout (entry 40 on the API list) app has a link in its Image entry which leads to “duaw15jehqd4r (dot) cloudfront (dot) net,” which, according to Brave and Firefox (via Google Safe Browsing) is a dangerous domain – therefore, when my Browser tries to load out Breakout’s icon, it is blocked and locked down, disabling the user and making them unable to do anything.

This is quite a big issue to anyone who wants to use the extension, and even when restricted to app-mining only apps (which I assume would be more curated) it still exists (because it is still in that curated list!).

I hope this can be fixed shortly, either by the admins or by the Breakout authors’ themselves – that is, to replace the App Icon Url with one that leads to a much… safer Url.

Perhaps even App.co could consider hosting the images themselves, and have the Api link to that. Or put it on a Gaia Hub. Something a bit more consistent then linking to some random image host!

1 Like

Thanks for flagging this problem! I’ve temporarily changed Breakout’s image URL to the one cached by App.co with imgix: https://appco.imgix.net/apps/a4ebb6c4-6156-4540-8444-5e0b6af47651

I’m asking internally about how we can more reliably host this asset long-term and perhaps host app assets in general to avoid this possibility going forward.

1 Like

We already do host all the images ourselves, and have a proxy server (with Imgix) in front of it. When using the API, just use the imgixImageUrl property. Then you can also pass params to the URL to resize and crop them.

2 Likes