Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Publish the source code for Ramzor app #4

Closed
emanuelb opened this issue Feb 21, 2021 · 7 comments
Closed

Publish the source code for Ramzor app #4

emanuelb opened this issue Feb 21, 2021 · 7 comments

Comments

@emanuelb
Copy link

The source code for Ramzor app on Android/iOS is not published/open-source, please publish the code in github, thus enabling developers and testers to look at the code and suggest improvements, find bugs, etc..
see related issue in hamgen repo MohGovIL/hamagen-react-native#289
which include source-code for hamagen app, the repo includes 215 issues & 74 PRs.
I opened 77 issues (20 was closed) in hamagen repo, some are security & privacy issues, and would like to check the source-code of the Ramzor app as well.

@kaplanlior
Copy link
Member

We know current MOH plans are to not release Ramzor app as Open Source (contrary to @MohGovIL/hamagen-react-native ). Hopefully enough likes / comments to this issue would change that.

@cool-RR
Copy link

cool-RR commented Feb 22, 2021

If the MOH truly commits to providing a secure and safe solution with the Ramzor app, releasing the code as open source will go a long way towards that goal. +1,000

@bedoron
Copy link

bedoron commented Feb 23, 2021

Please release the code so we can audit it

@svetamorag
Copy link
Collaborator

Right now, there is no plan to publish the source code for the "Ramzor" app. The application is not developed as an open source app, and it contains features that cannot be published without compromise MOH infrastructure or application users. Parts of it will be posted here, like the verification function. But most of the code is not related to the certificates or the verification process and cannot be published here for security and privacy reasons.

@BarYamin
Copy link

@svetamorag,
With enough reverse-engineering, eager developers will be able to find all of the inner workings the app has.

By making the code open-source, you are allowing developers who are not interested in reverse-engineering to give their input on the security & raise bugs, which would otherwise be exposed by people who are mostly interested in malicious activity.

@shevron
Copy link

shevron commented Feb 24, 2021

Now that I know this app's code contains things that make it either too insecure, too buggy or too fishy to be shared by MoH, I probably won't install it.

@ailaG
Copy link

ailaG commented Mar 1, 2021

The application [...] contains features that cannot be published without compromise MOH infrastructure or application users.

If the application is so vulnerable, as you say, that with reverse engineering people may find practical ways to exploit it, then it shouldn't be installed on so many phones. It should be rewritten if things are as dire as you describe in that comment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

8 participants