All roads lead back to the only people who can stop the problem they created. This report was assisted by: Nick Devor at Barron's - https://www.barrons.com/art...
No, the app is completely open source and has reproducible builds. And the site you are accessing only gets the information it requested, and you see which information it requested in the app before scanning your ID.
https://github.com/Governikus/AusweisApp
Now you are starting to sound like you know what you're talking about. But I’m not convinced yet. So when the app sends just the requested data to the site, how does the site verify that the data is legit? A person could fork the app and hack it. I am sure they thought of this, I just don’t know what their solution is. And I can’t read German.
(NotOP) These things will usually use cryptographic signatures, and if the app has been altered, it’d fail the check.
No clue what they are specifically doing though.