dlcarrier a day ago

I just download it from the repository. That's not am option on iOS, which is one of many anti-features.

  • aqueueaqueue 21 hours ago

    If the threat vector is the code owner is lying that their app is the same code as the repo, even downloading artefacts from that same report is risky. Even the code itself should be manually read and verified.

JohnFen 2 days ago

They can't. The only way to be certain is to take that code and build the app yourself. If you're downloading prebuilt binary, you have to trust that the author is correctly representing what it was built from.

This is even more true with SaaS, because the binaries used there can and do change without warning.

  • musfk 2 days ago

    If I am building an iOS app and decide to open source it to build trust with customers, it will not work.