Lissy93 / personal-security-checklist

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
https://digital-defense.io

Add iVerify #107

Closed captn3m0 closed 2 years ago

captn3m0 commented 2 years ago

Explain why it should be added

iVerify is a mobile application for iOS devices from researchers at Trail of Bits. It is available for Individuals, and provides both checklists and automated checks for the device.

Due to iOS restrictions, the checks are limited, but the checklists are comprehensive and explain the exact steps to be taken.

Additional Context

Due to iOS restrictions, the checks are limited, but the checklists are comprehensive and explain the exact steps to be taken.

Mobile Apps Category

Content (optional)

iVerify is a mobile application for iOS devices from researchers at Trail of Bits. It is available for Individuals, and provides both checklists and automated checks for the device. It also notifies you of critical security issues, iOS updates, as well as reboot reminders. It is available on the App Store.

Lissy93 commented 2 years ago

Have you got a link to the source or GH repo?

captn3m0 commented 2 years ago

While an older version was open sourced, it's just one component of the current version, so the current application can be considered closed-source.

See the FAQ, and the announcement blog post for more details.

Lissy93 commented 2 years ago

Are you associated with this project in any way?

captn3m0 commented 2 years ago

Nopes, just a happy user.

Lissy93 commented 2 years ago

I'm going to close this out, it's hard to look into it further without it being open source. It's also not free, and their privacy policy doesn't align with the values expressed in this list.

It's best to be upfront if you're associated with a product or service (example), and I'll still consider it fairly. But it looks like you are affiliated with iVerify's parent company, Trail of Bits, through GitHub, but didn't disclose this / denied it, which doesn't give good vibes.

Hope you understand, and no hard feelings :)

captn3m0 commented 2 years ago

The most I can remember dealing with Trail of Bits is submitting a PR to one of their open source projects.

I'm not associated with them in any way - I googled all of the above information! Didn't even know about iVerify being partially open-sourced till you asked me for it.

I've used it ever since I saw the endorsement from SwiftOnSecurity.

> It's also not free, and their privacy policy doesn't align with the values expressed in this list.

Maybe this can be clarified in the contributions doc?

Lissy93 commented 2 years ago

Okay, no worries. Just unsure, as before you replied I went to check, and saw you were a member of their organization, but then I went to double check after your reply, and you'd left / privated it. But you're right, I can only see a few public contributions from you.

But either way, the Privacy Policy doesn't align in terms of data collection and retention, the use of Google Analytics, third-party persistent cookies, disregard for DNT and with what collected data is used for, and who it is shared with.

Where possible, projects should be open source to be on the list. But if they're not, then general respect for privacy is a must, as well as transparency from members.

Lissy93 commented 2 years ago

> I've used it ever since I saw the endorsement from SwiftOnSecurity.

Yet you contributed to it before the date of that tweet... 8fcfe9c

Yeah, this whole thing just sounds a bit off to me.

captn3m0 commented 2 years ago

First of all, thanks for creating the list 💯 - it's a great resource. I'm finding some interesting gems because of this.

> Yet you contributed to it before the date of that tweet...

The twa project isn't the same as iVerify - it's a security scanner I've used in the past. A small open-source contribution on a different project from the same org shouldn't imply an affiliation, right?

> but then I went to double check after your reply, and you'd left / privated it.

I've never been a part of the Trail of Bits org on GitHub. I'm okay with the PR being rejected, but it's silly that it's being done on baseless grounds.