I have this theoretical question: My app “Zignals” will come (in the distant future) in two variants: android app and a desktop app (java).
Lets say the two use the same app ID “org.safenetwork.zignals” when authenticate. Will they be treated as one app by the network, i.e. will they have the same mdatas visible/writable?
4 Likes
Yes they will. The authenticator will recognize the application and it will return the same keys that were used in the mobile version.
- The app’s public key will be the same. And this key is already in the MData’s permission list so it can fetch the data.
- The encryption keys will also be the same so you can decrypt anything that was encrypted in the mobile version and vice versa
6 Likes
This seems similar to a question I posed recently…
I think there needs to be some mechanism to stop impersonation, whether signing by the app’s author’s safe id, by some arbitrary developer’s app private key …
1 Like
I was about to ask the very same question as you 
The problem with signing is that it requires central authority to verify it…
Lets see what potential solutions will pop up.
2 Likes
Well, maybe I’m misunderstanding things… but isn’t SAFE the authority? The author should be able to publish some public identity. The SAFE Authenticator could read the executing assembly’s signature (not sure how this works with non-Windows) and find the public ID that matches it, and then display to the user in the Authenticator something like “yo this program is signed by used <author’s safe id / public profile> do you trust them?”
Perhaps there could even be a public registry of [program ID] to [user ID] mappings that people can vouch for… hmmm mebbe?
1 Like