OTP Auth for iOS

Hello folks,

I thought this app may replace the already removed Raivo for iOS. Please check if this app meets all criteria. Link attached -

The app does not seem to be open source.

I have been using OTPAuth for years. It is not open source. The privacy policy is very good: it's brief, covers more than most, and nothing is collected. The app does check in with the Apple store on start up but this seems to be common to many iOS apps.

I have run Raivo in parallel for some time and until recently (maybe 6 months ago) did not consider changing (OTPAuth seemed more secure/solid). Luckily I had not yet moved across.

Export and import work (tested). I have not looked at the save format. It can display QR codes, making it easy to move to a different app, or back up to another phone. It can save to iCloud, but I have not tested that (I keep things local).

1 Like

I understand your point, but you had better check the PG criteria for MFA.

Why does open source even matter on iOS? It’s not like anyone’s going to compile it from source and then sideload it every 7 days due to Apple’s restrictions. How can you ensure that an app from the App Store matches the source code?

Tbh, most people do not inspect code or compile it themselves, including myself. My personal view about the criterion of being open source is not purely practical.
First of all, I prefer open source as a principle. For some apps, I donate; for some, I give reviews and suggest them to other people.
Secondly, it is highly unlikely that a developer will insert different code into the App Store, which will harm their reputation. This does not mean they cannot.
Third, when you remove this criterion, you can have hundreds of apps in different categories, which you will trust only by their privacy policy.

1 Like

Yes, the PG criteria specify open source, but the criteria are just the ideas behind the selection process. Look at password managers, which I would class as more critical than an MFA app: PG allows 1Password, which is not open source. From a security view, open source is only a positive if there are people actively monitoring/reviewing the code. Further, Apple (or Google for Android) could easily add code to the apps in the store and open source would make no difference (look up the SourceForge disaster).

Personally I have looked at a number of MFA apps for iOS (including 2FAS, Ente, etc.) and feel OTPAuth is a strong solution.

1 Like

It’s interesting that we’re having the “open source” argument in a thread about Raivo replacements, when an actual open source license in that case could’ve avoided this whole issue.

3 Likes

Agreed, open source would have avoided this. Unfortunately we are now in a position where we have to weigh the pros and cons of the available options.

Further Apple (or Google for Android) could easily add code to the apps in the store and open source would make no difference

I wouldn’t group together Android and iOS like that. On iOS it’s a major hassle to compile from source and then sideload that (every 7 days), so if a developer were to ship different code in the App Store, they’d likely get away with it for some time.

On Android & Linux, an app being open source makes more sense. For Android, there’s F-Droid, for example, which solves this issue.

Well, you automate it with AltStore to remove this inconvenience.

I still agree though, but Google Play switching from developer-owned keys to Google-owned keys does worsen the situation on Android a lot for Play users. Sideloading is still a great option to have.

1 Like