You are viewing a single comment's thread from:

RE: [Introducing Steemy] - Fully Native iOS/Android apps for STEEM

in #steemit8 years ago

@steemapp: I'm referring to the debate there was in steemit.chat . Understand that allowing people to use their master password is raising a huge red flag. You don't need the master password for posting. Why ask for it or even allow people to give it and at the same time jeopardize the security of their entire account (you know smartphones are unsafe, don't you?). I'll personally (and this won't be only me) will be putting disclaimers in each and every of your posts reminding people of the security risk of using their master password on their smartphone, of the fact there is no way to really know what you app does, and of the fact they could lose entirely their account. But if you don't ask for the master password and instead encourage people to manage intelligently the security of their account, I won't have any reason to make all that noise.

Beside, if you ask for the master password, many people will be challenging you for opensource release. I know opensource in meaningless in the case of smartphone apps which are anyway built and released on app stores that don't allow users to check signatures and checksums. But I know people will still ask you. You can easily avoid that, again, by opposing to them that you only ask for the posting key that can be replaced in a finger snap should people feel that the application is misusing their key.

For everyone's peace of mind, and to avoid you trouble, questions and accusations, please DO NOT "offer" the possibility for people to use their master password. There is now a "permission" tab in Steemit. If need be make a quick tutorial animation to show people how to get their posting key and put it in your app.

This is the one and only issue that makes your app cross my alert threshold. And again that's not only me annoying you, you'll get heat from every direction if what you do risks compromising Steem users account security.