• TachyonTele@piefed.social · 70 upvotes · edited · 6 hours ago

    And it gets even stranger. Apparently, the app is loading JavaScript from a random person’s GitHub site for YouTube embeds. Yes, you read that right: it’s just loading JavaScript from a random GitHub site.

    It also pings your location every four minutes. But man, a random GitHub is gold. These morons have the full power of the United States at their fingertips, and they use it to… load JS from a random GitHub while tracking you.

    • Sickday@kbin.earth · 47 upvotes · 8 hours ago

      Can you imagine the United States government getting hit with a JS supply chain attack due to sheer stupidity? What a time to be alive.

        • Hawke@lemmy.world · 16 upvotes · 6 hours ago

        It would be impossible to distinguish the malware from the app’s intended function.

        • TachyonTele@piefed.social · 18 upvotes · 7 hours ago

        Someone convincing enough could easily just tell them there’s an attack. I have a feeling they wouldn’t have any idea how to check.

    • felixwhynot@lemmy.world · 16 upvotes · 7 hours ago

      Nerd nit (sorry): if you want to abbreviate “JavaScript” please use “JS” because Java is a different thing. Sorry!

      PS: thanks for posting the quote.

        • pingu@piefed.europe.pub · 11 upvotes · 6 hours ago

        Extra nerd nit: If you want to abbreviate the postscript announcement, please use “p.s” because PostScript is a different thing!

        p.s. thanks for pointing out the difference between Java and JavaScript.

    • vrek@programming.dev · 4 upvotes · 6 hours ago

      Based on how open source is currently funded, and given that it’s a random GitHub source, I wonder if, hypothetically, Iran could send the owner a DM offering, say, $500k and get complete access to the phones of everyone running this app. I could see this being installed by default on company phones if you work for the White House or the federal government.

      Don’t make the GitHub changes noticeable; keep the app working, but, for example, when it checks your location and sends that home, imagine a slight change to also include your complete browser history or a list of installed apps.

      One of Trump’s yes-men receives a message: “do what I ask or I’ll publish that you have Grindr installed, your account name, and all the people you swiped right on…” That could give them insane power over the US government.