Replying to Avatar Tatum Turn Up

Random question that I just thought of out of pure curiosity:

Say I download Damus or another iOS client with my Apple ID that I’m required to use to download apps. Explain to me like I’m not a Dev how my newly generated nsec is not tied to my identity (at least my Apple ID) or any network that I’m using. Because in my head it makes sense that it could be linked one or both of those ways, but also I’m stupid.

Genuine question out of curiosity.
Avatar
Fabian 2y ago

If someone can login to your Apple ID they can find your nsec if the app:

- stores the nsec in keychain and you have iCloud keychain enabled

- stores the nsec somewhere else on device unencrypted and you have iCloud back-up enabled

So to keep your nsec safe keep your Apple ID safe, or disable iCloud.

Also technically Apple can always get your nsec by pushing a malicious update to your device, but this is very tinfoil.

Reply to this note

Please Login to reply.

Discussion

No replies yet.