The repo says this skill is designed to be used for security and research only (right). It's just a question away from your favourite LLM...

So don't skip on securing your server APIs...and I see no other way than using things like device attestation.

DRM baby … everything we hated about the web and mobile we now have to adopt to stay clear from the bots 🙈

#LLM #AI #Slopbros #Claude #Skills #indieDev

@iamkonstantin do you think this has only started happening due to bots? I've been reverse engineering so many Android apps to gain access to various APIs 🤣 (for personal projects since the original apps are usually crap hahaha)
@alopix Of course not. The difference is, this is now accessible to anyone who can manage to use a keyboard with at least 2 fingers... and not even that, you can just talk to it.
@iamkonstantin erm... I feel like device attestation is the wrong way to tackle the issue but I may be wrong ;)
@wojtek There are alternatives, but progressively harder to implement. Both Apple and Google offer the ability to exchange tokens in a way that can verify that the caller is the app installed on a genuine device - it's quite easy to adopt. So web/other platforms/non-Google Play Services devices etc. then become challenging to support. It's all about trade-offs and remember, as a one-person show, the time to implement solutions like this is quite impactful. Without broader community support that is.
@iamkonstantin erm, I was making a broader comment about "non-Google Play Services" (which for someone desperately trying to not rely on google is rather important)… sadly everyone is pushing towards using PlayStore, especially banks :/