Event JSON
{
  "id": "5b2823a951698e8b8c528b1da1455834c3061e73ba7ca2a1f4ddbb7bdf060c90",
  "pubkey": "b90c3cb71d66343e01104d5c9adf7db05d36653b17601ff9b2eebaa81be67823",
  "created_at": 1748204445,
  "kind": 1,
  "tags": [
    [
      "e",
      "a9f8bc7f368db5229acb98639f29042aefc4b66077b5d23f1039be78d7e883c0",
      "wss://relay.damus.io/%20wss://relay.notoshi.win/%20wss://nos.lol/%20wss://relay.siamstr.com/%20wss://relay.0xchat.com/%20wss://nfrelay.app/%20wss://relayrs.notoshi.win/%20wss://relay.nexterz.com/%20wss://fenrir-s.notoshi.win",
      "root",
      "3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24"
    ],
    [
      "e",
      "ff5aa59ef526a15e4a1ae664004ee6a6f468c747c2211261804ff7f94f885832",
      "wss://relay.damus.io/%20wss://relay.notoshi.win/%20wss://nos.lol/%20wss://relay.siamstr.com/%20wss://relay.0xchat.com/%20wss://nfrelay.app/%20wss://relayrs.notoshi.win/%20wss://relay.nexterz.com/%20wss://fenrir-s.notoshi.win",
      "reply"
    ],
    [
      "p",
      "3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24"
    ],
    [
      "p",
      "6e468422dfb74a5738702a8823b9b28168abab8655faacb6853cd0ee15deee93"
    ],
    [
      "p",
      "ec003d5ee5101019f1bb8c586e9654adba913efc16f02051c39758694f70becd"
    ],
    [
      "p",
      "d30e8b517e553e4cc11960031ac29b1e7ce8f3c46fb6969671a49ea4bca5c0d8"
    ],
    [
      "p",
      "ec003d5ee5101019f1bb8c586e9654adba913efc16f02051c39758694f70becd",
      "wss://nostr.oxtr.dev"
    ],
    [
      "p",
      "3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24",
      "wss://a.nos.lol"
    ],
    [
      "p",
      "b90c3cb71d66343e01104d5c9adf7db05d36653b17601ff9b2eebaa81be67823",
      "wss://relay.primal.net"
    ]
  ],
  "content": "By engineering a backdoor. iOS for example does have an on-device enclave wherein a secret can be generated and the app can never know that secret, but that flavour of enclave isn't used with nostr apps (obvious since you can copy out the nsec, meaning the app can always pull it from the chain in raw form). \n\nThe source code is only as good as the latest version. Also you can't prove an update of an app on the App Store was generated from the latest github commit, even with an easily reproducible build (it's not cryptographically attestable, a lot of Malcoms in the middle). And a rogue employee would always make sure to publish a clean commit regardless, or simply push the App Store update sans a commit. \n\nIf that all went down then the app, via a roundabout series of obfuscated methods, would be programmed to act as if the user was copying out the nsec without the user having done so (or having done something else), then intercept the nsec, then attempt to disguise it as regular traffic, or send it out to a hidden endpoint, or write it to a log file that is then exfiltrated, etc., and do this for as many users as possible. (Or just wait for each user to actually copy it out and intercept it then, if playing it more carefully.) Something like that. \n\nApps being able to copy out raw nsecs just isn't great, even (currently) trusted apps. ",
  "sig": "6e2be5cf7c719e743ea0c9df69ac6562739be1e05bd8bd54de0059a2293f9f3b3f4b5b5835cc1d0fc4cd56cb034239ea7a9d03cab24938f45888befd7161f180"
}