[vmception]

yeah this is one reason why I can't take mobile app end to end encryption, or client side only, claims seriously. a single update at any time could undermine all of that

and secondly, they or an analytics package can just read everything client side and upload it to a server anyway

doesn't matter if its whatsapp, or signal, or some protonmail client if such a thing exists

I just don't use them with that assurance in mind, I use them for other things.

[Barrin92]

>yeah this is one reason why I can't take mobile app end to end encryption, or client side only, claims seriously.

If it's a large company like Facebook that values these products like Whatsapp at billions I trust them at least on this issue. I'm pretty sure they're not going to put junk third party malware for 50k into the Whatsapp client.

This is mostly an issue for apps done by individual developers who have huge incentive to take these deals, like the barcode scanner in question.

[vmception]

They've been sideloading with React Native, allowing updates even for people without automatic updates enabled, and have abused enterprise/privileged developer keys which allows access to additional parts of the system. I just don't see how you can draw that conclusion.

I use the apps for other things, not for any assurance of privacy.

[krageon]

> I trust them

You literally mentioned a company that betrayed trust so bad a government tried to call them to account.

[Barrin92]

Are people capable of enough nuance to distinguish between issues that large tech firms are likely trustworthy on and issues that they aren't?

When they stand to make billions from breaking my trust I'm sceptical. When they stand to make a penny and ruin their entire product, then no I' not.

The problem in question here, that rogue developers sell out their product to third parties, is not an issue that Facebook, Google etc have. They have every incentive to keep their software secure.

[krageon]

A betrayal of trust will not "ruin their entire product", we've already seen that it won't (no matter the scale). Believing a small betrayal to be worse than a big one is your right, but that doesn't mean it isn't naive.

[vmception]

Your whole premise is based on a very arbitrarily low value of collecting your plain text data? From a company that is a machine built for monetizing this specific thing? And that they wont because their users care about trust too much, users of Facebook products but specifically whatsapp? And you think the rest of us arent compartmentalizing our issues with that company enough?

this is.... I’m speechless, I ran out of words for this absurdity

[MrPatan]

I get what you're saying, but it's funny because what the dodgy small players do with the data is actually sell it to facebook. You're just cutting out the middleman here.

[phone8675309]

>If it's a large company like Facebook that values these products like Whatsapp at billions I trust them at least on this issue. I'm pretty sure they're not going to put junk third party malware for 50k into the Whatsapp client.

Zuck: They "trust me"

Zuck: Dumb fucks.

[kobalsky]

That's a one dimensional way to think.

You may not be able to trust facebook with your privacy, but you can trust them not to install a malware that swipes your bitcoins.

That being said, I despise the current state of affairs with cellphones. I don't like needing to trust any corp. I'm jumping to a Linux native phone when my current device dies.

[phone8675309]

>you can trust them not to install a malware that swipes your bitcoins

Sure, they might not take malware that swipes my crypto, but I wouldn't put it past them to take malware that uses my resources to mine for crypto. What is the downside for them?