Comment by eszed
2 years ago
Just curious, since I'm not really active in this space, but wouldn't the threat model of most concern be that an external actor breaks (maybe an outdated version of) the app or protocol? This would leak data without you or the recipient being any the wiser. It seems like that's the threat the app-expiry policy is intended to address.
You could update the protocol version if and when a protocol weakness is discovered and then stop talking the previous protocol version after a transition period.
No need to continuously expire apps in the absence of a protocol breach.
What if there's a vulnerability in the app itself?
I have no idea if that's what they're concerned about - they may just be being arseholes in this case - but from the outside it seems like a legit reason to build in the capability for app expiration.