ubuntu-phone team mailing list archive

[Robert Park <robert.park@xxxxxxxxxxxxx>]

On Thu, Jun 4, 2015 at 2:07 PM, Krzysztof Tataradziński
<ktatar156@xxxxxxxxx> wrote:
> Hello,
> I don't have to much knowledge about programming, so here's my question:
> how can we know that unofficial bank webapp don't send our login and
> password somewhere else also (i. e. to creator of that webapp)?


This is a really good question, and I suspect that the answer is that
you have no way of knowing that ;-)

The only thing you can really do is audit the source code yourself.
Thankfully, if the webapp isn't sending your password off somewhere,
the app should be really trivial. Eg, I am the author of a banking
webapp, and you can see the code here:

https://github.com/robru/coastcapital.click/tree/master/click

There literally isn't any code, just some json to declare permissions
and then a .desktop which launches the browser on the right page.