Concerns about security of electron apps #1214

Open
@ricardovsilva

I don't know if this is the place to start a discussion about that. But I'm really concerned about the security of Electron apps.
As I could see in some PRs, we have a lot of apps on the Electron page that are closed source. And the problem is with the ones that ask for credentials.
For example, I really loved the idea of Biscuit, from @agata, but I'm not convinced at all that I should use this one since no one really reviewed the code.
Let me exemplify:

  • The first time you run Biscuit, it redirects you to log in with your Google credentials:

And yes, I totally understand that the app needs to do that in order to provide the functionality purposed, BUT, how can I really know or have some kind of trust that the app is not getting any kind of data from me?

My suggestion is to not allow closed source apps that require the user to input some kind of secret or that are browsers.
