zap.store on Nostr: The security issues had to do with their build process and infrastructure, not the ...
The security issues had to do with their build process and infrastructure, not the app.
F-Droid could be injecting malicious code and you would have no idea.
Same for Obtainium. GitHub et al. (or their hackers) could be replacing the APKs with malicious ones, which are obviously cheap to fork in open source software; this actually happened with a Wasabi Wallet release for Windows a few months ago.
So "it's whatever the dev published" is kind of true, and we actually rely on it for lots of Zapstore apps, but thinking it's absolutely true is naive.
Published at 2025-01-30 14:43:30

Event JSON
{
  "id": "3a8272e50eb1de58e732e39d84cea4715d76b515aeba44b7782f758d4a869b83",
  "pubkey": "78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d",
  "created_at": 1738248210,
  "kind": 1,
  "tags": [
    ["e", "de975f9ad222e2d6a63492372a32706c3348edcee4075783a53e8ca059c519c1", "", "root"],
    ["e", "ea63db3f2359f681f9b885faab2c0d68e201f924f459d418c12e40c489ffd2bc"],
    ["e", "b8bc9163b5041375446ecdd05e7e04e04b8eea57ce3d04e214a02a46256fe8fd", "", "reply"],
    ["p", "78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d"],
    ["p", "965f6d9b0851f57ff7734bbddebc958bb7c48b6ac24847b311f5bd7096eee020"],
    ["p", "3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24"],
    ["p", "deba271e547767bd6d8eec75eece5615db317a03b07f459134b03e7236005655"],
    ["p", "bea424ade017f724f328500662abafcfc27e2aea5a7bcb5cb3bcda50e8fea29f"]
  ],
  "content": "The security issues had to do with their build process and infrastructure, not the app.\n\nF-Droid could be injecting malicious code and you would have no idea.\n\nSame for Obtainium. Github et al (or their hackers) could be replacing the APKs with malicious ones, which are obviously cheap to fork in open source software, this actually happened with a Wasabi Wallet release for Windows a few months ago.\n\nSo \"it's whatever the dev published\" is kind of true, and we actually rely on it for lots of Zapstore apps, but thinking it's absolutely true is naive.",
  "sig": "a3f85d2c2b9e3e29f40e84b34838a4a7e6b79e5432d2978f096af7f886e9a05a7510a30e6fc885c4d29bc710feedf33cf4a79b51caa76f6998f3c0dc8625628f"
}