App Creator


#1

How does an app creator/developer get vetted? My concern is I am trying to contact some app developers and never here back from them. If I decide to use app like mywhereabouts and blockvault, They both store sensitive information, How do I know the developer isnt funneling that data to another repository plus my own?

In my profile it also shows the apps I have tried (maybe use, maybe dont). What if I dont want people to know I use that app?

Thanks


#2

You probably should only use apps that are open source so it give you trust and the ability to continue using the app when the app publisher stops supporting the app. The blockstack browser will (hopefully in the soon future) give you access to your own data even without asking the developer for support.

If you don’t want to publish that you are using an app the app developer should remove the permission to publish data in you name from the app (or provide a “private” clone with less features) If it is open source it is probably easy.


#3

@ friedger, you always are a wealth of knowledge. Thanks again. I agree with you, why are these apps on product hunt and app.co without the code being vetted (on github, owner verified condition of some sort, etc). I dont think they should be on either of those platforms without the code being open source.

How would I go about doing this?

If you don’t want to publish that you are using an app the app developer should remove the permission to publish data in you name from the app


#4

Currently, there is little you can do, other than asking the developer to rethink whether that permission is still needed.


#5

Can you tell me what the app uses the data for? Some apps use and some don’t. I also notice that it sometimes takes days to write it to my profile.

Also do you know what the “graph” parameter is used for?
“graph”: {
“url”: “https://s3.amazonaws.com/grph/josephfoboyle

Thanks for your help


#6

I agree with you, why are these apps on product hunt and app.co without the code being vetted (on github, owner verified condition of some sort, etc). I dont think they should be on either of those platforms without the code being open source.

@josephfoboyle.id, open sourcing an app is a largely political move. You don’t know if the code provided in git is actually what you are running. Professionals decompile code and examine that–for example the NSA: https://www.nsa.gov/resources/everyone/ghidra/.

Ultimately you can take that route or decide upon a criteria for trusting a developer. Similar to yourself and @friedger, I’m more likely to trust a developer that open sources their product, but that would be an insufficient criteria for something that I would allow to access my passwords.


#7

Google slogan is “Don’t be evil” and Muneeb said it should be “Can’t be evil”

Doesn’t close source code belong to “Don’t be evil” philosophy?


#8

@alexc Thanks for the knowledge. I agree, the key is to trust the developer. Thats a very astute assessment. I have to think about that more. Be well