However, (e:Paul) brought up some misgivings about why EZ drop (File Sync) needed an external site to make this transfer. I echoed these questions in an edit to my earlier blog.
Well, I can tell that (e:strip) is being picked up by google because I received a message directly from the developer of EZ drop (File Sync)! I think it is worth reading through his responses:
Responses from the EZ drop (File Sync) developer, David
Hey tinypliny!
My name is David and I'm the developer of EZ Drop. I noticed your comments on the app and wanted to give you some answers to your questions. :) I made this app just to help people transfer files devices more easily so people wouldn't have to set up servers, etc. The dropbox app was requesting so many permissions I thought something more light-weight would be appreciated.
I have heard feedback about security-concerns and have taken it to heart. Since the file transfer was being done over plain HTTP, and have since added an SSL certificate to the site (you can click "secure" at the bottom to access it). SSL transport encryption will also be added to the app soon.
I had said in (e:tinypliny,56229): "it's also somewhat non-transparent"
And the EZ drop developer replied to this:
I will put up an "about" page that describes exactly how the file transfer is done so that people can understand what's going on under-the-hood. Basically, you temporarily upload your file to me, then I send it to your device. Whether you are sending from your android-to-PC or PC-to-android, the process is the same.
"Why do you need to go to an external site ez.dropper.co and get a code? "
The code is the secret key that links your computer and the android device. Alternatively, you would have to log in with a username/password. It's just a simple way for the server to know which device to send the file to.
"What other data does this application collect from your android device?"
I don't collect any information about your android device or your computer, I kept the required permissions in the app to a minimum exactly for this purpose. The only permissions required are internet access and SD card storage, just enough to let you transfer the files. Files that are transferred are deleted within 24 hours. I've also put up a "privacy" page regarding this.
Thank you for trying out the app and posting your comments. Your feedback goes a long way!
Thank you, EZ drop David, for stopping by my blog and then taking the time to send me a detailed message!.
Well, I don't see any reason why such level of honesty and earnestness should be doubted! And I have to admit that EZ drop made my life easy when I was really struggling with the Apache set up (I am sure I was missing some configuration details but I didn't have the time or experience to troubleshoot.)
An additional advantage of EZ drop (File Sync) is that unlike other methods, it actually makes it easy to share files with people outside your wireless loop or LAN network, by sharing the PIN/code. You can share files with people say, across the globe. That's pretty nifty. With this responsive a developer, I have no doubt improvements to EZ drop will be fair and fast.
Okay it only has a 4 digit pin so the system is trivial to crack. I would definitely not use it for anything secure unless encrypted.
I can't believe httpd defeated me either. I will try again when this writing-submission phase is over. I am determined to set up a working home server.
He sounds very nice. Its great that he is clear about it. With a bunch of non-secure PDFs no big deal but I would never use this for anything involving secure data unless you are pre-encrypting with something like trucrypt or luks. Then maybe it would be okay.
Otherwise there is no way to know that your data is not be combed through when proxying through his server. Even if he isn't doing it and is super nice, what is to say that his setup does not compromised, that the data is not compromised along the way (esp for people still using http) etc.
I still can't believe you can't set up httpd. You've done so many much more complicated things.