Just like its #iOS version, this #Android authenticator app sends scanned QR codes to a remote server. It has been downloaded 500K+ times. It's among the top 5 hits when you search for #2FA apps on @GooglePlay.
Spread the word and warn your friends✌️

#Privacy #InfoSec #CyberSecurity

@mysk Why would one use an authenticator app which is not #opensource ?

I simply do not get it

@Secunergy @mysk Convenience/laziness. The type of person that downloaded this app instead of Google Authenticator, a Name Brand free app by a "trusted company", isn't the kind of person who has even heard of open source, or free software.
@Secunergy @mysk Normal people don’t even know the phrase “open source”.
@Secunergy @mysk Many websites/apps don't allow third-party authenticators, you have to use the specified (non-free) one provided. Besides, it's hard to search for free software apps not on F-Droid.

@oldherl @mysk Fair point with F-Droid, easier on iOS with Raivo

I never came across a service which wouldn't allow third-party authenticators

@Secunergy @oldherl @mysk especially since it's pretty much impossible. Not if they use TOTP 2FA.

I use an open TOTP app for my company's Microsoft account. You don't get more proprietary than that. And it still works.

@mysk Suggestion: Recommend that you edit the post and remove (or at least defang) the direct link to the play store.

Flag it, grab screenshots and names, spread the word, but linking to it directly just increases the chances of someone downloading and installing it accidentally.

@pseudonym @mysk

yes! I wasn't sure if OP was warning or recommending!

@carlt4 @pseudonym Seriously? How would this sentence be considered a recommendation: "Spread the word and warn your friends"?
This is a warning and a serious one. I'm sorry the wording wasn't clear. Thanks a lot for the feedback.

@mysk @pseudonym

I guess I overlooked that sentence! Was distracted and my eyes jumped to the store links, wondering why someone would link to a shady app.

@mysk any good alternatives? I'm currently using the Google Authenticator but I'm not sure if that's safe either
@mysk did you report this to Google?
@mysk why anyone would use a 2FA app that wasn't open source I cannot imagine.
@simon_brooke Because both the App Store and Play Store show these scam apps first when one searches for 2FA apps. Here, I just took this screenshot:
@mysk I hope they use better security on their backend 🫣