When you paste your nsec into an iOS app you're putting your trust in the operator of that app, no matter what code has been open-sourced. Most operators here I'm sure are worthy of that trust. But it is important to realise that this is a human trust situation.
Discussion
Ok fine, I confess...I paste my nsec into mobile apps
does iOS have signers? could help to mitigate 🤔
Even for a signer app you are putting trust in the owner of that signer app.
Though you can take the code and publish it to your own app store account if you have one.
And there are some, albeit super complex, ways to attempt reproducible builds on iOS.
https://core.telegram.org/reproducible-builds
Remote signing can solve some of this, we're working on that via the cloud route but it still requires some trust in AWS or Intel. (Though I'd argue it's close enough to being trustless.)
I'm building Aegis — a Nostr signer app, now available on TestFlight.
Tested with Nostur, Olas, 0xChat, and Flotilla — all working fine.
Give it a try: