I think it's relevant that Transmit is a local native app. There's no hosted app exposed to the internet to hack here. Google made one lengthy process that doesn't fit this use case.
Panic runs a cloud-hosted sync service that syncs your credentials and connection info between different instances of Transmit you may have.
No idea if that's what google is targeting here, but that is a cloud service, that presumably gets a copy of people's Google Drive OAuth keys if they use Google Drive with Transmit and the sync service.
That isn't a factor in Google's decision making. An app is an app as far as they're concerned, whether it's a local client or some sort of hosted service.
exposed to the internet and connected to the internet are different. Exposed implies that traffic originating from the internet reaches the app. You still do have to worry about things like parsing malicious files, but the class of relevant attacks is much smaller and generally easier to defend against.
Everything's connected to the internet, what the OP was talking about was attack vectors and since Transmit is a local app it really isn't one unless your whole machine is compromised, which in that case you're screwed.
mikeocool|1 year ago
No idea if that's what google is targeting here, but that is a cloud service, that presumably gets a copy of people's Google Drive OAuth keys if they use Google Drive with Transmit and the sync service.
bigfatkitten|1 year ago
StarterPro|1 year ago
acdha|1 year ago
MobiusHorizons|1 year ago
dreadlordbone|1 year ago
unknown|1 year ago
[deleted]