No matter whether it is Docker's repository (called "hub"), Google's app store ("PlayStore") or Apple's App Store, they are ALL facing the same security problems:

https://www.bleepingcomputer.com/news/security/google-explains-how-android-malware-slips-onto-google-play-store/

plus: https://www.bleepingcomputer.com/news/security/thousands-of-android-apks-use-compression-trick-to-thwart-analysis/

what if…

  • a malicious actor uploads an app or docker container that is totally fine (passes all checks)
  • later makes this app load malicious code from a remote server, or pushes a malicious update?

so apps cannot be trusted by default

  • fewer apps = more security
    • what is true for PCs is true for smart phones
      • whoever installs banking apps next to "free games" might find their bank or bitcoin account robbed sooner or later
  • convenience + efficiency vs security:
    • which of course makes usage more complicated, as by default ALL access (to the internet and to the camera) should be disabled
    • it is convenient and maybe even efficient to be able to do online banking with a smart phone only (TAN generator AND banking app on the same phone)
      • but: if online banking were done via browser and only the TAN generator ran on the smart phone, security would be increased, unless there is something massively wrong with the DNS system 😀
        • which again brings up the question: how safe are the "basics" of the internet? (like a TCP connection, like DNS, like Mail)
        • which brings up the solution: screw DNS, every bank needs a dedicated IPv4 or IPv6 address to offer online banking services, and users NEED to be instructed how to use them safely (do not bookmark domain.com, bookmark the IP address and only use that IP address for connections)
          • the reader won't believe how many users are actually "googling" their way to the web-based online banking login, which sometimes might be a well-made fake site
            • which makes banks rely more on apps than on the web
              • which is not the right solution to the problem X-D
                • sometimes the solution is: the user either is required to pass some basic training and stick to some rules, or the user cannot use the program, because it's simply too dangerous

so every update…

  • would have to go through rigorous testing
  • there should be a whole bunch of crowd testers who get special wifi boxes that monitor every connection of the phone separately; if anything suspicious is going on and one tester reports a scam, it will have to be looked into quickly by dedicated staff, and then this app or this connection of the app needs to be blocked on a worldwide basis 😀
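Both ideas above (an app that passes review and only later phones home for malicious code, and wifi boxes that watch every connection of every app) boil down to one check: compare what an app talks to after an update against what it talked to while it was vetted, and raise a flag on anything new, especially anything that looks like it is fetching executable code. The following script is an added example and not code from the dwaves blog or any app store; the per-app connection log format, the app package names, the hostnames and the IP addresses are all constructed for the demonstration.

```python
# Added example (not from the dwaves post): per-app egress baselining as a
# monitoring wifi box could do it. Learn which destinations each app contacted
# while it was vetted, then flag any destination a later version contacts that
# was never seen before, plus any download that looks like executable code.
from collections import defaultdict
from dataclasses import dataclass

# Constructed log format (an assumption, not a real tool's output):
# "<epoch> app=<package> ver=<n> dst=<host-or-ip> path=<url-path> ctype=<content-type>"
BASELINE_LOG = """\
1700000001 app=com.example.bank ver=1 dst=api.examplebank.test path=/login ctype=application/json
1700000002 app=com.example.bank ver=1 dst=cdn.examplebank.test path=/logo.png ctype=image/png
1700000003 app=com.example.game ver=3 dst=ads.example-adnet.test path=/v1/ad ctype=application/json
"""
UPDATE_LOG = """\
1700010001 app=com.example.bank ver=2 dst=api.examplebank.test path=/login ctype=application/json
1700010002 app=com.example.game ver=4 dst=ads.example-adnet.test path=/v1/ad ctype=application/json
1700010003 app=com.example.game ver=4 dst=203.0.113.77 path=/payload.dex ctype=application/octet-stream
1700010004 app=com.example.game ver=4 dst=update.example-evil.test path=/stage2.apk ctype=application/vnd.android.package-archive
"""

# File extensions and content types that mean "code arriving at runtime".
CODE_EXTENSIONS = (".dex", ".apk", ".so", ".jar")
CODE_CONTENT_TYPES = {
    "application/vnd.android.package-archive",
    "application/java-archive",
}


@dataclass(frozen=True)
class Conn:
    ts: int
    app: str
    ver: int
    dst: str
    path: str
    ctype: str


def parse_log(text):
    """Parse the constructed key=value log lines into Conn records."""
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        conns.append(Conn(int(ts), kv["app"], int(kv["ver"]), kv["dst"], kv["path"], kv["ctype"]))
    return conns


def build_baseline(conns):
    """Map app -> set of destinations seen during the vetted run."""
    baseline = defaultdict(set)
    for c in conns:
        baseline[c.app].add(c.dst)
    return baseline


def looks_like_code_download(c):
    """True if the request path or content type indicates executable content."""
    return c.path.lower().endswith(CODE_EXTENSIONS) or c.ctype in CODE_CONTENT_TYPES


def find_suspicious(baseline, conns):
    """Return (app, dst, reason) for every connection that breaks the baseline."""
    findings = []
    for c in conns:
        reasons = []
        if c.dst not in baseline.get(c.app, set()):
            reasons.append("new destination after update")
        if looks_like_code_download(c):
            reasons.append("executable content fetched at runtime")
        if reasons:
            findings.append((c.app, c.dst, "; ".join(reasons)))
    return findings


def block_list(findings):
    """Distinct (app, dst) pairs that the monitoring boxes would be told to block."""
    return sorted({(app, dst) for app, dst, _ in findings})


if __name__ == "__main__":
    base = build_baseline(parse_log(BASELINE_LOG))
    found = find_suspicious(base, parse_log(UPDATE_LOG))
    for app, dst, reason in found:
        print(f"{app} -> {dst}: {reason}")
    print("block:", block_list(found))
```

The banking app's version 2 talks only to hosts already seen in version 1, so it stays quiet; the game's version 4 reaches two destinations that were never in its baseline and pulls a `.dex` and an `.apk`, which is exactly the "fine at review time, malicious later" pattern the post describes. In a real deployment the baseline would be rebuilt from many testers' boxes so that a single legitimate new CDN host does not trip the alarm on its own.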

software minimalism (again) for the win!

have phun! 😀

admin