Ask HN: What is the purpose of scalpel being a part of a video app?
I am investigating a cross platform video app that has multiple dark UX tactics, and when I was browsing the 3rd party open source code disclosure, I noticed scalpel was on the list.
This may be a 'everything looks like a nail when you have a hammer' moment since I have been immersed in penetration testing, but I have only known scalpel to drill into disks and analyze file systems for recovery/forensics. Is there a legitimate use for including scalpel in production code for a video app? Is the app store code review thorough enough that I am being overly paranoid?
I have started gathering Xcode debug output and proxying the traffic to learn more but figured I would see if there is an easy answer from people who are more familiar with app development. Thank you in advance for any input/advice.
4 comments
[ 3.1 ms ] story [ 24.4 ms ] threadPS: Why not just mention the video software's name? This is entirely too vague to give any sort of decent answer.
My best guess is that it is being used to carve out portions ("cuts") of a video file.
The app is very sophisticated and they do many dark UX practices so I wanted to do some forensics under the radar before compiling an expose, but it is CapCut. It is integrated into TikTok fairly deeply and contains many nasty UX decisions that TikTok used to have before they were called out on it so I am suspicious. Just curious if there is any legit reason to have scalpel be included in the 3rd party source code disclosure.
Somewhat related link: https://www.dhs.gov/sites/default/files/publications/508_Tes...