Third party phone apps - Security concerns

Currently reading
Third party phone apps - Security concerns

Chavilan

Chavilan

3
0
NAS
DS 720+
Operating system
  1. macOS
Mobile operating system
  1. iOS
Hi everyone, I am quite new on Synology,

I have download the 'DS Manager Pro' app for my iPhone, it looks brilliant but I have a big concern, I am not sure how safe it is give user/password to a third party company, could it be a security problem with this? Would it be better to create a specific user with limit permission for logging with those kind of apps?

Thanks in advance.
 
Hopefully someone that uses it can explain how the login credentials are stored and if it uses direct or mediated access (i.e. is it a frontend to a hosted monitoring service). Are the login credentials provided to a third party or is it that you don't know if they leave the app, even when used for direct access? Valid questions and really have no choice but to take the developer's word for what is happening.

I have the same thoughts as you, so for the Synology NAS I use their apps and web interface for management and monitoring. However, I do use other apps to access file shares, with standard user accounts.
 
I have DS Manager pro. I think the only calls it makes are to the AppStore and it’s done via Akamai. Might be to verify the app and the purchased options. I see this on my AdGuard log.

Unfortunately, Akamai is huge and tends to be everywhere. A lot of things break if one tries to block Akamai. For example, access to the AppStore breaks if it's blocked. So I think Apple is using some of their "Intelligent Edge" services.

It's worth mentioning that the developer's privacy policy on the AppStore states that no data is collected. If I'm selling such an app, I'd be stupid if I try to betray my clients trust by collecting their devices credentials. It would be devastating to my reputation and credibility if discovered.

I'd be cautious of apps that request things that don't make sense. I had a stupid IP camera app that asked for contacts and location access. Yea right. I didn't grant this to my bank's app let alone giving it to a camera app.

P.S. your NAS is capable of running Docker, so you can install something like AdGuard or Pi Hole. And if you’re new to all of this, take a deep breath and hop on the roller coaster, so much to learn and discover. Welcome aboard :)
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

Blackbeard2168
Third-party repos
regarding the DS218j and your initial request: for a testing purpose of each useful possibilities (syno or...
Replies
7
Views
2,579
jeyare
jeyare
N
Auto uploading of phone pics to DS1621 whilst connected via home WiFi
You can use DSFile, Synology Drive or Synology Photos for uploading photos. You can select the source...
Replies
5
Views
799
Digital_Bandit
Digital_Bandit
Cobra
Just upgraded now cant login to Synology Photos on phone
I just installed DSM 7.0 and tried logging into synology photos with the android app. I used the same...
Replies
0
Views
5,750
Cobra
Cobra

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Back
Top