Reposting this comment here for transparency

What Blorp stores:

  • Unless using the website, all the code is stored locally on your device
  • On login, we send your username/password to Lemmy/PieFed
  • The API responds with a JSON Web Token (JWT)
  • This JWT can be used to update, vote, post, etc. on your account. It cannot be used to delete your account.
  • We only ever store the JWT, so it’s actually impossible for Blorp to delete your account

The bad news:

  • MacOS stores the JWT locally as plain text. After reviewing this, I’m unhappy about this.
  • iOS also stores the JWT in plain text, but has some pretty strict app sandboxing as far as I know. I’m not too worried here.
  • I think Android also sandboxes, but I’m not 100% sure.
  • Web stores the JWT in plain text, but this is pretty standard. The web enforces pretty good sandboxing between websites, and I don’t run any code that isn’t bundled into my app. I’m also not worried about this one.

I’m working on a rapid security update:

  • This update will encrypt the iOS, Android, and MacOS databases on initial launch. Any unencrypted data will be destroyed immediately.
  • I’m really sorry I wasn’t more careful here.
  • I also wouldn’t panic, as an app would have to know what file to look for, how to parse that file for the JWT, and what instance the JWT belongs to.
  • This update will be v1.9.12, and will be rolled out as soon as I’m done testing

TL;DR, MacOS is probably fine, but concerning me a little. This rapid update will bring encryption to iOS, Android, and MacOS.

    • moseschrute@lemmy.mlOPM
      6 months ago

      v1.9.12 will turn on encryption with the key stored in SharedPreferences. The update will also erase all unencrypted data. The database is handled via this library.

      I am trusting this capacitor library to handle encryption correctly. I’m pretty sure this update will lock down things to a point where I’m pretty comfortable that no damage can easily be done. I’m also pretty sure Android has similar app sandboxing to iOS, so this might not have been a vulnerability to begin with.

      I would appreciate a second pair of eyes on this, if anyone else would like to audit my code.

      Moving forward, I’m going to try and have a few lines of defense. I’m going to look into turning on app sandboxing for MacOS, as that will provide an additional security layer on top of encryption.
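
A post-update check for the claim that no unencrypted token survives the migration, as an added example that is not part of the thread and not Blorp's code: it scans the raw bytes of a local store for strings that decode as JWTs and reports only their offset and claim names. The function names and all sample data are constructed for illustration.

```javascript
// Added example, not Blorp's code. All sample data below is constructed.

// JWT shape: three base64url segments joined by dots. The header is JSON,
// so its encoding begins with "eyJ" (base64url of '{"').
const JWT_SHAPE = /eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]*/g;

function decodeSegment(segment) {
  try {
    return JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
  } catch {
    return null; // shaped like a segment, but not base64url-encoded JSON
  }
}

// Scan raw file bytes; return one finding per string that decodes as a JWT.
function findPlaintextJwts(buffer) {
  const text = buffer.toString("latin1"); // 1 byte per char: index = byte offset
  const findings = [];
  for (const match of text.matchAll(JWT_SHAPE)) {
    const [header, payload] = match[0].split(".");
    const h = decodeSegment(header);
    const p = decodeSegment(payload);
    const isObject = (v) => v !== null && typeof v === "object";
    if (isObject(h) && typeof h.alg === "string" && isObject(p)) {
      // Report where it is and which claims it has, never the token itself.
      findings.push({ offset: match.index, alg: h.alg, claims: Object.keys(p).sort() });
    }
  }
  return findings;
}

// Constructed token and store contents (no real account or instance).
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const sampleToken = [
  b64({ alg: "HS256", typ: "JWT" }),
  b64({ sub: 1, iss: "instance.example", iat: 0 }),
  "c2lnbmF0dXJl",
].join(".");
const plaintextStore = Buffer.concat([
  Buffer.from([0x53, 0x51, 0x4c, 0x00, 0xff]),
  Buffer.from(`{"jwt":"${sampleToken}"}`),
]);
// Byte-wise XOR only stands in for "bytes that are not plaintext"; it is not encryption.
const maskedStore = Buffer.from(plaintextStore.map((b) => b ^ 0xaa));

console.log("plaintext store:", findPlaintextJwts(plaintextStore));
console.log("masked store:", findPlaintextJwts(maskedStore));
```

To check a real install, pass the bytes of the app's database file (for example from `fs.readFileSync`) to `findPlaintextJwts`; an empty result after the update is the expected outcome.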