Since it's a native app on your phone, the private key would only be stored on your phone. It's web clients where the risk can be, because the private key can be intercepted if it's stored on their servers.

So the scenario to be cautious of is a web client asking for your private key without an option to use the nos2x or other extension to authenticate.

Discussion

The issue with web apps is that they usually put the private key into local storage. From there it can potentially be stolen with an XSS attack.

I think there are fairly simple ways to prevent this tbh but for now just use an extension.
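
A defensive check for the risk described in the replies above, as an added example that is not part of the thread: it audits a localStorage-like object for values shaped like a Nostr private key, and signs only through a NIP-07 extension object (`window.nostr`, which nos2x provides). The storage stand-in, the key names and the sample values are constructed for illustration, and the name-matching heuristic is an assumption.

```javascript
// Added example, not code from the thread. Runs in Node or a browser console.
const NSEC_RE = /nsec1[02-9ac-hj-np-z]{58}/;  // bech32 "nsec" private key shape
const HEX32_RE = /^"?[0-9a-f]{64}"?$/i;       // raw 32 bytes; pubkeys and ids match too
const SECRET_NAME_RE = /priv|secret|nsec/i;   // assumption: names apps tend to use

// List storage entries that look like a private key. Anything found here is
// readable by every script running in the page's origin, injected ones included.
function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const name = storage.key(i);
    const value = String(storage.getItem(name));
    if (NSEC_RE.test(value)) {
      findings.push({ name, reason: "nsec value" });
    } else if (HEX32_RE.test(value) && SECRET_NAME_RE.test(name)) {
      // 64 hex chars alone is ambiguous, so require a secret-like entry name.
      findings.push({ name, reason: "64-hex value under secret-like name" });
    }
  }
  return findings;
}

// True when a NIP-07 signer is present on the given window-like object.
function hasNip07Signer(win) {
  return Boolean(win && win.nostr && typeof win.nostr.signEvent === "function");
}

// Sign through the extension only; never fall back to asking for a pasted key.
async function signWithExtension(win, unsignedEvent) {
  if (!hasNip07Signer(win)) {
    throw new Error("No NIP-07 signer found; refusing to handle a private key");
  }
  return win.nostr.signEvent(unsignedEvent); // key stays inside the extension
}

// Constructed stand-in for window.localStorage (subset of the Storage interface).
function fakeStorage(obj) {
  const keys = Object.keys(obj);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => obj[k] };
}

// Constructed sample data: shaped like keys, not real ones.
const sampleStorage = fakeStorage({
  theme: "dark",
  "user-privkey": "a".repeat(64),
  session: JSON.stringify({ key: "nsec1" + "q".repeat(58) }),
  lastEventId: "b".repeat(64),
});
```

In a browser, `auditStorage(window.localStorage)` runs the same check against a real client's storage.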