At baseshift.com we're building a solution to this. We generate isolated clones of production databases and expose operational control of clones via MCP (start/stop/reset). This provides agent autonomy for development and analysis workloads without risking production.

We support PG, MySQL, MariaDB, and MongoDB (more coming). We're currently in private beta but we're happy to onboard fellow HNers!

I've been with Google Nexus and Pixels for many years, roughly starting with the Nexus One. Ironically, I switched from an iphone 3GS at the time that I owned for a few months.

After many years of being on windows, then linux, then Mac, then back to linux, now back to Mac with linux on ssh, my conclusion is that user control doesn't necessarily mean a better user experience. A closed computing environment allows for consistency and sturdiness. When you start looking at your phone as a device, rather than as a computer, it becomes obvious.

> Mistake #2 : running on a tech. stack you do not control: closed-source, walled-garden

I don't control android in any way. I could read its source code if I really, really wanted to but why would I? I want a product. A device. Would you read the source code of your washing machine? Dish washer? At some point you want to live your life and stop reading anything and everything as if you actually have enough time to tinker with all of it.

> Mistake #3 : using a wallet instead of your own private cold storage to hold any kind of significant amounts of money

Meh. 'Significant amounts of money' is subjective. Some would say the amount of money I lost would be a life changer, some would shrug it off as a yearly bonus on the lower end of the scale. Fact is, I had my bitcoin on some version of a pixel for roughly 7 years and never had a problem.

> Mistake #4 : trusting that Apple is making huge efforts to secure their environment.

They made a huge effort to secure their hardware; its some of the best in the world. The thing is they put a ton of focus on hardware security but hardly enough on software / service stuff. In this case, the app store search was compromised by some bots leaving reviews.

Your general theme seems to rely on having access to open source on all levels leads to more security.

This is patently false. For example, the vast majority of smartphones use baseband processors that are not just closed source with closed source drivers, but the ICs themselves are tightly guarded secrets by their manufacturer (probably Qualcomm). There are probably a dozen or so chips in every smartphone running all sorts of firmware you have no access to. Same goes for computers.

In fact, I would argue that Apple's model might be the most secure, because they do SoC, which requires they know far more about and have much more control over the inner workings of every sub component.

Just because an account is newly created does not make their first post FUD. Their story is precisely what happened to me, although for a slightly smaller amount of money.

Gmail / Google are open, the App Store is closed and supposedly vetted and guarded. Apple sells to its customers security, quality, and trust. It’s one of the reasons one pays 2x for an iPhone. All of these promises of a better ecosystem have been broken through this experience.

One of the supposed advantages of the closed App Store is to absolve (to some extent) the user of having to do said due diligence.

Also, it’s not like it’s impossible. Google are doing it well - show me a scam app that’s in the top 10 of the play store for bitcoin, banking, finance etc. Hardly any to be found.

Oh, wait

When I first installed the app it was the first search result. I can't go back in time and prove it because I'm not paranoid and I don't screenshot the result of every search in every app store and search engine.

I reported it. I'm not trying to rally a mob against Apple. The bitcoin is gone.

I'm trying to prevent others from suffering the same fate as me. Based on what I'm reading in the comments here some other people in the world do trust apple app store search results, and I believe they've gained something from my post.

Well, the scammer got CAD $150k out of the reddit guy I linked to and I lost a slightly smaller amount - and we're just two out of who knows how many thousands of app store users that installed this app. I'd say people trust the top 5-10 results quite a lot.

> (2) Do you think a legitimate wallet app will engage in the same black-hat SEO tactics a scam app developer will?

I think all the black-hat SEO in the world should not be able to surpass the obvious value disparity compared to legit apps with hundreds of thousands of installs and hundreds of reviews.

> You can't escape personal due diligence and "it was top ranked!" has never been that.

On one hand that's a fair point and I should've known better. OTOH I think it is legit to trust top app store search results to return quality apps, especially if there is a massive disparity between their quality. The scam app has obvious repetitive spam reviews. The developer's website is terrible and the submit button doesn't even work. This is basic quality control on apple's part. If every single app store user needs to manually vet every single app they install to the proper extent there would be a fraction of a fraction of the installs and respectively, a fraction of a fraction of the revenue.

Consider the extent of lawsuits between apple and companies with app store apps - does it not strike you that apple protects that revenue stream? Wouldn't it make sense to give app store users a sense of trust in the top search results?

Then I figured a legit apple app could generate a wallet and I could transfer the bitcoin between them. Which is what I did. The apple app indeed received it and promptly sent it off somewhere else. What's even crazier is that the apple app shows this info! You'd expect the scammer to hide the scam but I suppose it just made it easier to pass the app store inspection.

The question is why is the scam app the #1 organic search result? For a new app with such scammy reviews and questionable metadata I would expect it to be #30 in the list. For context, the app store reports the scam app as #85 in all finance apps.

What's crazy is that a scam app is the #1 organic search result for 'bitcoin wallet', above blockchain.com and coinbase.

I get that I've failed to vet the app but honestly, how does a scam app become the #1 organic search result (not promoted) in the app store, topping binance, blockchain.com, and coinbase?

EDIT: linking to a screen recording that includes this post and comments of no repro:

Before removing the app - https://streamable.com/q2mulu

After removing the app - https://streamable.com/y5nhy7

Comments URL: https://news.ycombinator.com/item?id=39685272

Points: 242

# Comments: 150