Open GoogleCodeExporter opened 9 years ago
GoogleCodeExporter
commented
9 years ago Wow, no!
Everyone's texts and contacts' numbers being sent to a third party? And who is
going to be funding this insecure service?Original comment by zip...@gmail.com on 3 Nov 2010 at 1:19
GoogleCodeExporter
commented
9 years ago The app already has a security feature to encrypt notifications, so it's not
like some third party could actually read the messages. Of course that's not
enabled by default and the app will currently blast notifications in the clear
across public networks, so third parties can already intercept everyone's texts
and contacts.
I would assume the server software would be open source like the app, so any
user with $8 and a dreamhost account could run their own service.
Original comment by mbarc...@gmail.com on 3 Nov 2010 at 2:15
GoogleCodeExporter
commented
9 years ago This could definitely be brute-forced by a malicious server owner (I'm security
paranoid ;-) A big problem is that anyone could make a request to the server
for any Android_ID; it would take effort but you know someone would do it for
access to private data!
You have an idea that would be great if it could be more secure, but I think a
central database of the notifications proves much less safe even compared to
unencrypted notifications across a localised network :(Original comment by zip...@gmail.com on 4 Nov 2010 at 2:43
GoogleCodeExporter
commented
9 years ago So, the idea is to allow notification method plugins in the long run, then any
methods including this one can be added as plugins. Being a plugin, each person
can use his judgment on the security vs ease of use tradeoff :)Original comment by rdamazio@gmail.com on 5 Nov 2010 at 6:42
Original issue reported on code.google.com by
mbarc...@gmail.comon 19 Sep 2010 at 7:30