At Breaks & Ciphers I’m building a secure open-source tasks app. Our day-to-day tasks are some of the most valuable data points to creeps, so I think we should protect them.
I intend to use this as a testbed for what the state of the art is in building, testing, and deploying applications when security and privacy are uncompromising goals.
This may have some measures that seem extreme for a tasks app, but the underlying purpose of this project is to push open-source security and privacy forward. I hope to find where these are most difficult to achieve for maintainers, and publish research and tools to fill these gaps.
Some of the early security design investigations I’m doing are:
- Using Rust + FFI vs app development languages like Kotlin/Swift
- Using cross-platform frameworks vs per-platform development
- Peer-to-peer sync / backup options
- Where to use formal verification
As references, I’ll be comparing other apps that are known for their security:
- Signal
- GrapheneOS's built-in applications (SMS, PDF viewer, etc.)
- Bitwarden
- Apps recommended by Privacy Guides
Let me know if there’s a different app you consider to be the gold standard in secure development!