• JesusFistus@lemm.ee
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I mean it is possible to audit the data it would be sending out without network access unless the dev has gone out of their way to make it non reverse enginneerable

    • viking@infosec.pub
      link
      fedilink
      arrow-up
      11
      ·
      1 year ago

      It’s not protected at all, and after reddit crapped out, the dev even released a version with a bunch of security features removed to make it easier for the reVanced team to patch the client so it keeps working with reddit, using your own api keys.

      The whole discussion took place on his official support-discord. I was genuinely flabbergasted he was so cool with people disassembling the app, and even helpful in the process.

      As for data tracking, it’s possible to log it with the duckduckgo privacy tracker, and I confirmed that buying adfree completely removes any outgoing connections to anything but the respective lemmy instance you’re using.

      • TheSaneWriter@lemmy.thesanewriter.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        That’s good to hear, that shows the Sync dev was most likely being honest when he said buying the paid version of the app would completely disable the ad library.