|
> I'm not saying the app is useless, I'm just saying it's not as easy as the website says. I personally wouldn't use a mobile app for that, because it's too risky in my opinion. It is assumed that you are in a risky situation, or you want to have control of the information if something were to happen, I honestly think it is easy or maybe I should try harder to explain it better, you upload the files, configure the emails and activate or deactivate the different functionalities it offers which yes it is true they are varied and nonexistent in the market. I thought of this service for smartphones because it is what you carry with you almost always, I never thought, sincerely in a web service. > Suppose we have a scenario where someone has confidential information incriminating one of my theoretical adversaries and sets up Zoldy with the data. What if I hire a thug to steal and destroy the phone? Will the owner be able to stop the messages he doesn't want sent? I suppose in this situation a person has the phone and is being attacked to destroy it in order to stop the service so that the emails are not sent, however in the above reasoning something escapes me, you see, if I have the service activated it is because I want to use it in case something happens to me, why would I want to stop it. If the phone is destroyed without the service being Notifications On, when the service time is over everything will be automatically erased, which links to the next question... > Can the application be restored to a functional state on another device? If so, then a malicious third party could access the Google/Apple account and restore it by gaining control of sensitive information. No, the app only works on a single device, in fact, it is tied to it, the device is the "user". You can't move it between devices or share it. > According to the website, the data is stored in Firebase. But how does the application access them, is there a gateway server that controls? If so, I wouldn't even bother with the above scenarios, but attack that server and get ALL the data. Not just from one target, but from all, which would be pretty much a disaster (for you, the app and all clients). Your files go from your terminal to Firebase directly, they don't go anywhere else, the app doesn't access them just upload them, you can delete them of course, you can attach those files to any email and they stay there for the duration of the service and if the emails are sent they stay there for 15 days so the recipients can download them, then everything is automatically deleted, files, emails and messages. That way your files go from your terminal to Firebase and if for any reason the emails were sent, only go to the recipients you have previously defined. |