by cheshire137 4212 days ago
I myself would either like to see the source or have the developer pay the $99 to get Apple to review the code and make it more trustworthy. As it is, I'm a little nervous running the app and letting it auto-update daily when I have no idea who the dev is or what's in the app.
2 comments

You do realize that Apple doesn't review code, right? An application in the App Store can issue malicious or accidental "DROP TABLE" statements just as easily as an application you downloaded from GitHub. Apple only reviews apps (in binary format) to make sure they mostly do what they say they do, and that they don't violate Apple's distribution guidelines (porn, trademarks, etc.).
They do at least in theory establish a legal entity that is responsible. It also provides a mechanism for removing the app if malicious behaviour is detected and reported.

You are right about the "DROP TABLE" risk in this case, but some other threats are mitigated by the sandboxing of apps.

The code signing mechanisms that Apple employs in the App Store remove the risk that a third-party software update server will be compromised and distribute malicious code to an otherwise trustworthy application.

(Probably not a high risk in this case, but on principle...)

Currently the auto-updating feature only reminds you to download an update. It doesn't update itself silently. And you shouldn't edit your production data directly anyway (or at least you should try on a dev server first), right?