After Raivo is hard to trust an Authenticator App in iOS for me at the moment.
Tried both 2FAS and Ente, and both phone home when the app start.
Don’t like that for a security app.
Also don’t like when a privacy-security app has anything rather “Data Not Collected” as an App Privacy label in App store.
Really surprised that people here are starting to recommend ente Authenticator.
At the moment i am back to Tofu with the bare minimum entries that i use everyday and luckily i have an android device with Aegis to do the heavy lifting.
Data not collected just simply would not be true if the app will sync.
If you use the app in offline mode, it will not collect data. You should look at the facts, not at those arbitrary labels. These labels are a nice transparency thing but tell nothing more than what the developer will inform you about, nobody checks if what the devs write there is legit. Ente actually is super clear about what they do and do not collect and in which situations.
Using TOFU is IMHO not a recommendable thing, the app has not been updated in a while and the issues have piled up, it looks abandoned and unmaintained. If you use Ente without account, there would not be any difference in data collection. So this is quite ridiculous paranoia.
Raivo did not collect fewer data than Ente does, it just doesn’t make sense. You pick, either offline or with sync, both can be done in the same app. I really do not understand your concerns.
I just feel uncomfortable to use an authenticator app with sync.
Raivo has sync but it never phoned home and you could tell from your network logs that it is really in offline mode if you choose that.
Ente and 2FAS phone home from the moment you open the app. Sync or not sync enabled.
I personally wouldn’t use them, maybe people wouldn’t mind them, that like to have encrypted sync, but recommending them when every-time i open the app i ping their server? Weird (for an app of this purpose).
Maybe the app store labels don’t mean anything. But it is easier for an app to become sketchy when it has sketchy labels already, than an app with “Data Not Collected”. Because Apple is strict on the app store publications, and the Data Not Collected wouldn’t suffice when you decide to go sketchy.
I know the issues with TOFU, recommended? Definitely not. More comfortable to use at the moment? Yes
I ll just wait for a true offline or offline mode authenticator app to appear in iOS.
Now it would be a good time for Aegis to port in iOS for example.
Zero network calls are made if you have installed the app from AppStore, FDroid or PlayStore, since these platforms provide their own update mechanisms.
If you notice anything amiss, do let us know, would be happy to fix it!
p.s. This is not an attempt to sell Auth, please use apps you are comfortable with.
I think it is the exact same behavior with 2FAS. It makes a connection to googlecrash reporting or something similar if you have it enabled, else, nothing.
Alright, based on a quick search and test, although it will always do that connection, it is only used for the browser extension feature. I have it blocked in my DNS and app still works just fine. Based on their github, it’s for browser extension and notification (for said extension) Could be nice to be an opt-in rather than by default.
you need some kind of realtime dns query logger like the ones in pi-hole or nextdns but you can watch it also within the build in App Privacy Report in Apple’s privacy settings.
I personally use Charles proxy, though they are also many more advance tools too, like Burp Suite & mitmproxy.
apple should really add built in a way to turn off network access to an app in ios like graphene has. if they did, it would encourage google to add the same to stock android, not to mention heavily increasing privacy when using some apps