by miles 2750 days ago
To his credit, the author has released the source for the Chrome and Firefox versions:

https://github.com/darkreader/darkreader

However, I posed the same question in the MAS about the closed-source Safari version, which requires full access to webpage contents ("Can read sensitive information from webpages, including passwords, phone numbers, and credit cards on all webpages") and browsing history ("Can see when you visit all webpages").

The author's response boiled down to "trust me" and "trust Apple's review process".

Shortly after I mentioned recent headlines highlighting weaknesses in Apple's review process ("More malicious apps found in Mac App Store that are stealing user data" https://appleinsider.com/articles/18/09/07/more-malicious-ap... , "Mac App Store apps are stealing user data" https://blog.malwarebytes.com/threat-analysis/2018/09/mac-ap... , etc.), Apple deleted the review, but a cached version can be found here: http://www.gadgeteur.com/2018/11/26/dark-reader-for-safari-a... and here: https://pastebin.com/DxsWcaj7 .

EDIT: Other than the permissions issue (which was unfortunately a show-stopper for me), I was very pleased with the Safari extension's functionality; it could be a good fit for those who restrict their web browsing to non-sensitive sites or who can remember to disable it when necessary.


But there's no proof that the published source code is the source code of the extension! You still have to just trust them.
There's an extension that allows you to view the source of any Chrome extension direct from Chrome's repository.

"Chrome Extension Source Viewer". I use it to audit every single app that I give permission to read each site.

You can always load your own from source.
Sure - but do you? Does anyone?

EDIT: a better solution would be if the store itself allowed you to inspect the source that went into building the plugin. Then you would only need to trust the store itself, which you already do (when you trust the browser).

It's quite common among many groups of people to download and install locally as it also protects you from unwanted automatic updates. For instance, those using MetaMask or Scatter to interact with a blockchain are often advised to install the extension offline.
I have yet to meet a person who did it though. Though I'll admit that the argument against automatic updates is a good one.
> the store itself allowed you to inspect the source that went into building the plugin

Or at least build it from the source code, like F-Droid.

You don't need to install from the store.
Sorry, I'm not sure that publishing a paid app source code would be a good idea. There is a chance that somebody will publish the same app under a different name. Somebody has already published a crack for it. And another Safari app already reuses some code from Dark Reader for Chrome.

There was a long discussion regarding this review https://www.reddit.com/r/apple/comments/9y0s2a/dark_reader_d...

You know, some Apple developer can also put some malicious code into Safari, but for some reason you trust them and use their browser, even though they used to slow down older iPhones without a warning, forcing users to upgrade to newer devices. Who knows what they will do the next time.

> Sorry, I'm not sure that publishing a paid app source code would be a good idea.

In an earlier comment on reddit, you wrote[0]:

"Safari version is not open source yet, but it did pass a manual review too."

which implies it would be open sourced at some point. Have you changed your mind?

> There was a long discussion regarding this review...

Thanks for the heads up. I'm sorry they didn't include the full context, including my comments; the links I shared above do.

[0] https://www.reddit.com/r/mac/comments/9n1eiq/mojave_dark_mod...

When the amount of donations is enough, I would be able to publish the source code of the Safari app. But currently it is the major source of revenue, and it lets me continue the development and spend as much time as possible.