If someone can login to your Apple ID they can find your nsec if the app:
- stores the nsec in keychain and you have iCloud keychain enabled
- stores the nsec somewhere else on device unencrypted and you have iCloud back-up enabled
So to keep your nsec safe keep your Apple ID safe, or disable iCloud.
Also technically Apple can always get your nsec by pushing a malicious update to your device, but this is very tinfoil.
Fabian /
npub1n0…flahe
2023-11-27 22:59:06
in reply to nevent1q…29wj
Author Public Key
npub1n0sturny6w9zn2wwexju3m6asu7zh7jnv2jt2kx6tlmfhs7thq0qnflahePublished at
2023-11-27 22:59:06Event JSON
{
"id": "4be46c87ededcd584a17c7748c6687c40cbbede123f5c87ee6af69f4977465fa",
"pubkey": "9be0be0e64d38a29a9cec9a5c8ef5d873c2bfa5362a4b558da5ff69bc3cbb81e",
"created_at": 1701125946,
"kind": 1,
"tags": [
[
"e",
"0c00ece8dc25f2aa68aee94859fb0478685d38afef65e39c04a50cce286ef322",
"",
"root"
],
[
"p",
"baf27a4cc4da49913e7fdecc951fd3b971c9279959af62b02b761a043c33384c"
],
[
"client",
"Nostur",
"31990:9be0be0fc079548233231614e4e1efc9f28b0db398011efeecf05fe570e5dd33:1685868693432"
]
],
"content": "If someone can login to your Apple ID they can find your nsec if the app:\n- stores the nsec in keychain and you have iCloud keychain enabled\n- stores the nsec somewhere else on device unencrypted and you have iCloud back-up enabled\n\nSo to keep your nsec safe keep your Apple ID safe, or disable iCloud.\n\nAlso technically Apple can always get your nsec by pushing a malicious update to your device, but this is very tinfoil.\n",
"sig": "004d6a3e051f2ca7d2daedc054db5cf27e58d24f62db2c5fe60a8cb339d480ebcc20f6822dbfd7765dbc1630508ecdf7e7114baa96b9ca30ac3663ffe7fe6b5f"
}