3 comments

[ 3.8 ms ] story [ 16.1 ms ] thread
Is source code for the encryption available? If not, nothing is proven.

Either way, its a nice idea.

I agree, please provide the source code ...
I hope you can appreciate that open-sourcing my app has a number of implications for its viability in the App Store. A devil's advocate might even argue that wide publication doesn't always guarantee security, as was the case with Heartbleed.

If it helps, internally I used the iOS framework APIs for AES/RSA directly. I didn't attempt to implement them on my own. What I built was simply an abstraction on top of that. Granted, I understand that there are still ways to go astray, but certainly less if I fundamentally rely on what the crypto experts implemented.

So, to address your concerns, what if I got a commercial security audit? Can you recommend any places you would trust?