Subnostr

Depends, if the app is open source you can at least verify the code to check where they store it. Usually an app (unless malicious) will store it in your device's local storage. This is still a lot of work to verify every app, for better security it would be beneficial to store it in a signer app and only have to verify the signer's security, this way you can still "login" to many apps without ever sharing your nsec with them.

minestr.app 1y ago

Even reviewing the code isn't a failsafe method though, as there's no way to verify that the build you're running is the same as what's on GitHub, right? Unless you're building it yourself from source. Either way, better to trust just one signer app.

Reply to this note

Please Login to reply.

Discussion

ABH3PO 1y ago

Yes signed apps are obviously better in this case, and you can verify the build with what's signed.