Sort:  

The problem I see with this is that:

  1. It cannot be verified that the private key is not accessed in the closed-source components of the application
  2. It cannot be verified that the open source component was actually used in the build published on the app/play store

Would be great to make this fully open source.

Agreed. Especially considering @steemapp is already looking to make $8k on a PROMISE of an app which is fully reliant on open source and freely available blockchain software. And they stand to keep earning a lot by posting updates about the app long into the future if they do a good job. So, @steemapp, what is your reservation in terms of making this actually open source?

Hi @nonlinearone. I wouldn't say we have "reservations" about open source at all. We are gauging the reaction here (it's only been 5 hours) to see how people feel about Steemy. I'm shocked to see all the positive supporting comments! We weren't quite sure what to expect... but we are very much in heads down, crack a second red bull open mode and are open to ideas from the community and others. Definitely a discussion to be had here, just not sure the best way to handle it yet to be honest. Thanks for the feedback! We look forward to updating the community.

so? they can't profit from time and energy spent? People SHOULD be payed when they put work and effort into something. You could have done it. Instead you are here moaning about someone working hard and making a dolla. Every hour spent not earning money by working put into this project the deserve rewarding for. Food and shelter is not free.

@riensen, I agree skepticism on security is always the best approach. I do think that so long as it is clear the password(key) typed(inputted) into the program is immediately used to produce a hash and is not left on device cache or memory in any way; than the rest of the programming accessing this hash will clearly not have the ability to transmit a future usable password(key) to any party. If the temporary hash was somehow transmitted to a malicious 3rd party you could simply log out of the app and into the Steemit website within 12 hours to undo any fraudulent activity. If you have a key file on your device and you are concerned the app might access that file at times not given by the open source code, one could simply move or delete(with a backup elsewhere) the file after its allotted time of use...

Coin Marketplace

STEEM 0.19
TRX 0.19
JST 0.033
BTC 89479.36
ETH 3038.26
USDT 1.00
SBD 2.80