

hellgnoll
@hellgnoll

* this article has solidified a thought i was having trouble articulating until now

* the thing about web apps is that tons of people know how to pentest them, like that's literally what "script kiddies" refers to

* but mobile apps, especially on iOS, are such a closed ecosystem that actually you can get away with writing less secure software, because it's way less likely that a 16-year-old may try to break it

* i think we should inherently distrust the security of anything that is only an app.



in reply to @hellgnoll's post:

From experience, this is quite true. I was shocked when it turned out an iOS game I decompiled didn't check the certificate when doing HTTPS requests. Like at all. You could supply a completely invalid certificate and it would blindly accept requests.