Before linking an account, be sure the app you’re using is legit.

  • ShunkW@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    My experience is from years ago, but the vetting process seemed about the same for both when I was working on an app. The initial publish process takes forever. The update process through Apple was much simpler and that used to be a successful attack vector.

    Since you rarely get feedback from updates, it’s hard to say if Google was as vulnerable, but I’ve heard that the update scheme is still a thing. Publish a legit app then push malicious updates.

    • SimpleDev@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Interesting, thanks for the info!

      I wasn’t aware of the update process being used as an attack vector (if it’s still a thing) gonna have to read up more on that.