    App security (new KeepassRX app)

        RandomUser

        I saw the new KeepassRX app pop up in the app store and I'm very interested to try it. Normally I'm not that strict with security and trust the systems and people in place. However, this app will have access to all my passwords and made me wonder. Are there any security checks before an app is added to the app store? Can we for example be sure the package is built from the linked source code?

          t12392n

          This has been on my mind too.

          I wish there was a strict firewall native in Ubuntu Touch so that we would see and control what is allowed to talk. A local Keepass should not talk to the internet.

          Samsung Fold5
          will switch to
          Volla Quintus UT 24.04-1

            arubislander @t12392n

            @t12392n said in App security (new KeepassRX app):

            I wish there was a strict firewall native in Ubuntu Touch so that we would see and control what is allowed to talk. A local Keepass should not talk to the internet.

            If the app is confined (as this one is) you don't need to blindly trust that the package in the open store was compiled from the code that is linked, to be sure it doesn't phone home. If you know what to look for, you can download the .click package and examine the contents. The most important is the .apparmor file, which describes what permissions the package requests from the system.

            [Image: 732885a2-8440-475d-8a28-83329bca5c5b-image.png]

            Here we see that this app is indeed confined, and it only declares the content_exchange policy group. This means that the app will not be able to access the network at all, because the networking policy group is not included in the apparmor.

            🇦🇼 🇳🇱 🇺🇸 🇪🇸
            Happily running Ubuntu Touch
            JingPad (24.04-1.x daily)
            OnePlus Nord N10 5G (24.04-2.x daily)
            PinePhone OG (20.04)
            Meizu Pro 5 (16.04 DEV)
            Google Pixel 3a

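The check described in the post above, as an added example (not part of the original post, and not Open Store or KeepassRX code): it opens a .click package, finds every `.apparmor` file and reports the declared policy groups and whether `networking` is among them. It assumes the .click is a Debian-style `ar` archive whose `data.tar.*` member holds the app files, that the manifest is JSON with a `policy_groups` list, and that `"template": "unconfined"` marks an unconfined app; the function names and the sample package are constructed for the demo.

```python
import io, json, tarfile

def ar_members(blob):
    """Yield (name, data) for each member of a Debian-style ar archive."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        header = blob[pos:pos + 60]
        name = header[:16].decode().strip().rstrip("/")
        size = int(header[48:58].decode().strip())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)  # member data is padded to an even offset

def apparmor_manifests(click_bytes):
    """Return {path: parsed JSON} for every *.apparmor file in data.tar.*."""
    found = {}
    for name, data in ar_members(click_bytes):
        if name.startswith("data.tar"):
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
                for m in tar.getmembers():
                    if m.isfile() and m.name.endswith(".apparmor"):
                        found[m.name] = json.load(tar.extractfile(m))
    return found

def audit(manifest):
    groups = set(manifest.get("policy_groups", []))
    return {
        "confined": manifest.get("template") != "unconfined",  # assumed key
        "network": "networking" in groups,
        "groups": sorted(groups),
    }

def sample_click(manifest):
    """Build a constructed in-memory package for the demo (not a real app)."""
    raw = json.dumps(manifest).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("./example.apparmor")
        info.size = len(raw)
        tar.addfile(info, io.BytesIO(raw))
    data = buf.getvalue()
    header = b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (b"data.tar.gz", 0, 0, 0, b"100644", len(data))
    return b"!<arch>\n" + header + data + b"\n" * (len(data) % 2)

if __name__ == "__main__":
    pkg = sample_click({"policy_groups": ["content_exchange"]})
    for path, manifest in apparmor_manifests(pkg).items():
        print(path, audit(manifest))
```

For a downloaded package, pass the file's bytes to `apparmor_manifests()`; running `audit()` on two versions of the same app and comparing the `groups` lists shows whether an update added a policy group.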
              RandomUser @arubislander

              @arubislander Thanks for the information, something like this is what I was looking for.

                Vlad Nirky @RandomUser

                @RandomUser
                The guy is super motivated and the app is evolving very quickly. It has already caught up with Focal and promises to evolve even further.
                Really great!

                  kugiigi

                  To be fair, this is a valid concern. I wonder if it's a good idea to notify users when an app update changes or adds new apparmor policy in the new version.
