by dsacco 3411 days ago
This is a cool idea.

I expressed an upfront concern about reverse engineering in another comment directly to the OP (no DRM is foolproof, etc). After skimming through the whitepaper I'd like to ask you a few implementation questions about the feasibility of client trust:

• Can you tell me how the device token/keys are stored locally and accessed by the application? I understand the crypto itself (e.g. libsodium), but I'd like to know how you're protecting data on the client insofar as you can.

• Can you tell me what your methodology is for determining if an application has been manipulated or altered?

• How are you specifically obfuscating sensitive data or otherwise making the DRM bypass difficult (e.g. obfuscating data in .so files, etc)?

I'm not trying to grief you here, I just want to talk about technical protection mechanisms in place. To your credit, you explicitly admitted that DRM is fundamentally not a foolproof guarantee (though that's different from saying it's not effective...). I think your app would mitigate most scenarios where an ex would try and expose the other party.

1 comments

Hey no problem:

1. Uses Realm for storage, encrypted with their encryption API using a random key generated on first boot stored in iOS keychain.

2 & 3. It has some rudimentary jailbreak detection but obfuscation is still in the pipeline.

(Getting late here in Tokyo so may be until tomorrow before I answer follow-up questions)
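
A sketch of the storage scheme described in the reply above, added here as an illustration and not the app's actual code: a random 64-byte key is created on first launch, kept in the iOS keychain, and passed to Realm's encryption configuration. The service and account names, the error type and the chosen accessibility class are assumptions.

```swift
import Foundation
import Security
import RealmSwift

// Hypothetical keychain identifiers for this example; not taken from the app discussed above.
let keyService = "com.example.app.realm"
let keyAccount = "realm-encryption-key"

enum KeyStoreError: Error {
    case randomFailed(Int32)
    case keychain(OSStatus)
    case malformedKey
}

/// Returns the 64-byte Realm key from the keychain, creating it on first launch.
func realmEncryptionKey() throws -> Data {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: keyService,
        kSecAttrAccount as String: keyAccount,
    ]
    // Look for an existing key first so the database stays readable across launches.
    var query = base
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    switch status {
    case errSecSuccess:
        guard let data = item as? Data, data.count == 64 else { throw KeyStoreError.malformedKey }
        return data
    case errSecItemNotFound:
        break  // first launch: fall through and create the key
    default:
        throw KeyStoreError.keychain(status)
    }
    // Realm requires a 64-byte key; draw it from the system CSPRNG.
    var bytes = [UInt8](repeating: 0, count: 64)
    let rc = SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes)
    guard rc == errSecSuccess else { throw KeyStoreError.randomFailed(rc) }
    let key = Data(bytes)
    var add = base
    add[kSecValueData as String] = key
    // Assumed policy: readable after first unlock, never migrated to another device.
    add[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
    let addStatus = SecItemAdd(add as CFDictionary, nil)
    guard addStatus == errSecSuccess else { throw KeyStoreError.keychain(addStatus) }
    return key
}

/// Opens the default Realm with the keychain-held key.
func openEncryptedRealm() throws -> Realm {
    return try Realm(configuration: Realm.Configuration(encryptionKey: try realmEncryptionKey()))
}
```

The `ThisDeviceOnly` accessibility class keeps the key from migrating to another device through a backup; it does not protect the key from code running inside the app's own process on a jailbroken device.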