Open EdGeraghty opened 2 years ago
On one hand:
On the other:
Overall, I disagree with dropping support for some OS versions purely for security reasons. However, a warning could be beneficial to the user, as long as it's properly designed both UI/UX-wise and technically (whether the insecure list is hard-coded or fetched from the network).
Yeah, definitely not dropping support but very on board with adding a warning based on version / device 👍
We'll have to focus on making this very separate from any other domain logic and be very conservative about which versions and devices show a warning for the first pass at this.
Ideally this would be shown as a dialog similar to the TOS. It could be shown after they accept the TOS and again before they log in / the login button would require them to again accept that their device is potentially insecure.
> Ideally this would be shown as a dialog similar to the TOS.
That was pretty much exactly as I was envisioning it.
It's not the fault of the users with the devices, but IMO they do need to at least be informed when choosing a privacy/security-based messaging app that their very device puts them at risk, no matter what is done in the app to try and mitigate.
Perhaps instead of singling out individual handsets in that way, we make it just another step in the TOS for everyone?
That way we can make it a more generic "No amount of security in an app can keep your device secure if it's already vulnerable"
I'm envisioning something not dissimilar to Tor Project's warning that the Tor Browser Bundle won't suddenly make you invincible.
Unsupported Android is literally dangerous to run in production these days.
Part of the problem, however, is Low-Cost Tech is still being pushed to market with versions of Android which have been out of support for years, and as such IMO it is not for Syphon to remove some ability for secure messaging even on poor endpoints.
Should we display some warning to the user that their device is beyond its safe useful life?