Mastodawn

Shouldn't the #GovtNZ mobile app be open source? So that at least citizens can re-build it to make it work on their own terms, even though they may not distribute supported binaries that are locked down? Build versions that work on the likes of LineageOS, GrapheneOS or others. Versions that are distributable via F-Droid or other app stores. Versions that are potentially stripped of telemetry/phone home functionality.

**At a least,** code that can be audited, verified and (re-) built to assure it doesn't contain 'bad stuff'.

After all, it's been tax payer funded.

#OpenSource #NZ #AotearoaNZ

Guy Apr 21

Frustrated the Govt.NZ mobile app for Android won't work on my (much more secure) @GrapheneOS
Android phone, because they use Google's device attestation and/or play integrity API. It's likely much more secure than either bloated and/or outdated devices with Google sh*t.

There's not even a benefit in it AFAIK to raise the degree of security. What *extra* security would that give they're not already getting without it???

It would be nice if someone (who is pro-attestation/integrity) could *actually* describe a true threat vector that it prevents. So far, it's just corp orate bullying, and people buying into it as it's being sold as an additional security feature.

#GovtNZ #SecurityTheatre