Cwtch (Instant Messenger)

Worth reading:

1 Like

That is annoying but not a requirement. In macOS the app sandbox and hardened runtime as well as notarization require the app to be signed, so it's something I'd like to see changed for security reasons. But Cwtch is still really cool and I'd like to see it added, especially since every other chat app doesn't bother using the OS security features outside of just the ones required to not show a scary message to the user anyway.

It’s certainly a requirement that apps have to actually work on the platforms they support.

Tools should be accessible to most computer users, an overly technical background should not be required.

Also not seeing an audit anywhere.

The SimpleX app is not audited either

Next: security audit in 2025

We are planning the implementation security assessment with Trail of Bits in the beginning of 2025. It will be a twice bigger assessment than we did in 2022 — it will cover both the core of the app and the handling of cryptographic secrets in the mobile applications.

Both of these audits didn’t involve the app, just the protocol.

1 Like

Yes, see the quoted text at the end. Your reply was to a post seeking any audit reports for Cwtch, of which they currently have 0.

1 Like

An audit of the protocol is not enough to defend against either a malicious provider (although audits are generally bad at this) or broken encryption. It's good to see a complete audit is planned, but the fact that SimpleX is recommended right now shows that audits should not be enough to block Cwtch or any other messenger imo (although it is listed as a requirement).

1 Like

It’s not blocking it, just something I noticed. It’s good to be thorough I think before adding things. I’d really like to see their app be notarized and sandboxed on macOS. An official flatpak would also be good to see.

2 Likes