Hi everyone,
I’m working on a small iPhone and Apple TV app, and I’d really appreciate your advice from an rclone user’s point of view. The application is Cloud Media Streamer: App Cloud Media Streamer - App Store
The app connects to common rclone backends like WebDAV, SFTP/SSH, pCloud, Dropbox, Google Drive, OneDrive, and Mega. It can open and decrypt folders created with rclone’s encrypted remotes directly on the device, without any server involved.
A design choice I made is not integrating with the Apple Files app. Everything stays inside the app, which avoids exposing decrypted content to the iOS file system and keeps the workflow contained (it includes an internal text viewer, image browser, music player, video player, pdf reader etc…).
Most features are free to use. The only limitation in the free version is file manipulation (rename, delete, copy). Browsing, streaming, and accessing encrypted remotes are fully available.
It can also stream videos and music directly from the remote, including on Apple TV (you don’t have to download the whole file before playing, you can skip to any timeline).
I’d be interested in any feedback from the rclone community about whether this approach makes sense and what you would expect from an app like this.
Regarding the Files app you can do things such as requiring authentication before allowing users to access it and so it can be done in a secure manner too although not required integration for your use case.
Your documentation mentions it requires a login with Google is that to lock the app or provide some sort of account registration? Does that mean the app uses server infrastructure somewhere else to facilitate your apps abilities?
Overall the addition of additional encryption formats seems nice I just would want someone to be credible before I use their app to have access to my secrets especially if the app is not open source or publicly available.
I wish you well and good job finding a niche to bring some utility to I'm sure those additional encryption formats will be useful to several people.
Hello
No unfortunately, creating apps is my job and I need to find a kind of monetization. With open source, anyone could clone my app.
However i understand that it would be more secured to allow people to check the encryption algorithm, so I’m thinking to only make open source the swift implementations of encryptions related files.
"Does your app support non encrypted remotes too?"
"Cloud Media Streamer" is first a classic cloud file explorer. so you can:
access any uploaded file in clear (uploaded with rclone or not)
access rclone encrypted with filename encoded in base32, base64, with or without salt
But you cannot access your files if:
filenames are not encrypted but the content is.
filenames are offuscated instead of encrypted.
This is because of the way it works, i wanted a "no config" access (without the rclone.conf) to keep it simple. so the app detects if filenames could be a rclone encrypted folder with a certain probability. therefore unencrypted or offuscated filenames cannot be detected.
"Your documentation mentions it requires a login with Google"
There is NO server side, no telemetry, nor any communication with anything, only with your cloud.
The google auth, like the onedrive, pcloud etc, is only for accessing your cloud provider files.
There is no account needed (i hate that kind of software): the app does not know who you are.
"I just would want someone to be credible before I use their app to have access to my secrets"
I totaly agree, that what checking app communications with an app like proxyman can be a good thing to check there is no "cal home".
Also as i answered to @rclone-ui , i am thinking of open-sourcing the swift encryption algorithm to be audited.
"I wish you well and good job finding a niche to bring some utility"
thanks
,