DS Manager Pro iOS app

[Appsley]

My fear with this app (and any similar apps) is that by using it I am potentially giving my login details to an unknown person. This is too big a risk - what guarantees are there that this software does not capture all of this information for a future ransomware operation.

Even if the developer were to state that the login details were encrypted in a local container I have to take it on trust that is correct. I would just about trust Synology with potential access to this information, but some third party? No way.

Since I have personally created an iOS app for similar reasons, I do understand you. I have developed a replacement application for DS Get (DS Download Manager). The existing apps in the App Store didn’t look wel and very bloated.

Since I am a bit more technical, I inspected all network connections these apps make. A lot of these apps connect to a lot of other third party analytics libraries. My point is: you could find out fairly easy how legit an app is.

In the EU (where I am based), privacy is extremely important. There are huge fines for leaking data (even on accident). My application only logs potential crashes/problems within the apps. Without any of your login data obviously. Crash information contains the place in code where the application went wrong.

Btw, if you only use an internal IP to connect to your DSM, your login data is useless to begin with. So you would be pretty safe either way.

 

[HappyDays]

Thanks for your considered reply.

Fines are only of any use against legitimate bodies - crooks will do what they do, whatever the legality of it, on the basis that they don't expect to be caught, and most often are not, as much as anything because the law enforcement agencies don't have the staff or the expertise to catch them.

Furthermore even legitimate organisations can be (and quite often are) hacked.

I may in your eyes be excessively cautious, but one thing I try not to be is complacent. This may mean that sometimes I AM over-cautious, but you never know whether you are or not until too late.

You say that I could easily find out how legit an app is, but finding this out is much too technically involved for maybe 99% of people.

I hear the internal IP point, but that does depend on how secure your internet connection is.

 

[Appsley]

For sure some of the users checkout any app on a technical perspective. I’m not saying they are decompiling an app, but for sure looking at its network traffic. I agree that most people don’t know how to do that. Let’s then say the 1% (like me) does that. It's as easy as writing the agency responsible for privacy in your country, or even Apple to bring down malicious apps.

I’m not necessary saying you are overly cautious, I actually think you are right to be cautious. I’m trying to give you a perspective of a developer. Usually if an app is free, you are paying potentially with your data. If you pay for an app, it’s more likely to be legit.

I think if a person is able to hack your network, they can probably also access your DSM without you entering your password in a random app . To be honest, no-one will spend the time on some random person that uses DSM.

By the way, I think, reading your messages, you seem be a intelligent person. I’m curious if you would succeed capturing network traffic using a proxy application like Proxyman or Charles.

Anyway, being cautious is good .

 

[HappyDays]

I am sure I could work out how to use a proxy application, I just don't have the time to do so because I have a very busy business to run.

Like most people I need this stuff to work and I need to keep it secure, but beyond that I just don't have the time to play around, interesting though it would be, with the deeper and more complex aspects.

 

[Appsley]

Sure I get that. But it’s hard to trust any software, so if you have a way of looking more into it… By the way, you should also be cautious with Synology since they are ran in a certain country .

 

[HappyDays]

I agree, but with the size of their business I don't think they could afford to be anything other than dependable on that front. Any hint of disreputable behaviour would destroy their business.