....
Is there any reason to press the button before he sees an update of the app on Google/Apple or his credentials revoked? I don't think so. He can probably keep pretending for a week or two.
Because if you leave Friday and don't come back Monday people are going to start looking.
IF someone does notice the code change and they come looking for you it's good to be someplace else.
Might as well be a beach on a tropical island with no extradition.
So is that better then a closed souse wallet that needs 3 checks against their internal code before it's uploaded and the uploads needs 2 different 2fa devices that 2 different people have?
Tell me who has that setup? I have yet to find a project that would even claim to do reproducible builds of their closed source product. Without reproducible builds, people sign off blindly.
Nobody has it, that I know of in the crypto space and that is the issue.
Yeah, possibly the big players [Coinbase, Gemini, Kracken, etc]
But, Mycelium, Electrum, etc. If they do they don't talk about it.
I would love for one of them to actually do some epic security measures and be somewhat upfront about it.
-Dave