Publish the source code for Ramzor app

[emanuelb]

The source code for Ramzor app on Android/iOS is not published/open-source, please publish the code in github, thus enabling developers and testers to look at the code and suggest improvements, find bugs, etc.. see related issue in hamgen repo https://github.com/MohGovIL/hamagen-react-native/issues/289 which include source-code for hamagen app, the repo includes 215 issues & 74 PRs. I opened 77 issues (20 was closed) in hamagen repo, some are security & privacy issues, and would like to check the source-code of the Ramzor app as well.

[kaplanlior]

We know current MOH plans are to not release Ramzor app as Open Source (contrary to @MohGovIL/hamagen-react-native ). Hopefully enough likes / comments to this issue would change that.

[cool-RR]

If the MOH truly commits to providing a secure and safe solution with the Ramzor app, releasing the code as open source will go a long way towards that goal. +1,000

[bedoron]

Please release the code so we can audit it

[svetamorag]

Right now, there is no plan to publish the source code for the "Ramzor" app. The application is not developed as an open source app, and it contains features that cannot be published without compromise MOH infrastructure or application users. Parts of it will be posted here, like the verification function. But most of the code is not related to the certificates or the verification process and cannot be published here for security and privacy reasons.

[BarYamin]

@svetamorag, With enough reverse-engineering, eager developers will be able to find all of the inner workings the app has.

By making the code open-source, you are allowing developers who are not interested in reverse-engineering to give their input on the security & raise bugs, which would otherwise be exposed by people who are mostly interested in malicious activity.

[shevron]

Now that I know this app's code contains things that make it either too insecure, too buggy or too fishy to be shared by MoH, I probably won't install it.

[ailaG]

The application [...] contains features that cannot be published without compromise MOH infrastructure or application users.

If the application is so vulnerable, as you say, that with reverse engineering people may find practical ways to exploit it, then it shouldn't be installed on so many phones. It should be rewritten if things are as dire as you describe in that comment.