undefined | Better HN

0 pointse448589mo ago0 comments

How easy would it be for them to ship a backdoor on iOS? With Apple's DRM it should be difficult to decrypt the IPA and compare it to the source code.

0 comments

maqp9mo ago

If your HW/OS doesn't allow verification of binaries, but your threat model requires doing that, then you need to use proper HW/OS that allows the verification. Also, iOS is proprietary so who knows what the OS is doing anyway. Also, this https://thehackernews.com/2014/01/DROPOUTJEEP-NSA-Apple-iPho...

paxys9mo ago

If you are in the EU you can build the app from source and sideload it on your phone. Everyone else is out of luck. So yeah, either Signal or Apple can insert a backdoor into the app.

j / k navigate · click thread line to collapse

0 pointse448589mo ago0 comments

How easy would it be for them to ship a backdoor on iOS? With Apple's DRM it should be difficult to decrypt the IPA and compare it to the source code.

0 comments

maqp9mo ago

paxys9mo ago

If you are in the EU you can build the app from source and sideload it on your phone. Everyone else is out of luck. So yeah, either Signal or Apple can insert a backdoor into the app.

j / k navigate · click thread line to collapse