There is no guarantee that this software will not occasionally start acting as a keylogger. If somehow this happens (let's assume not intentionally), will it be the direct responsibility of the author?
Legally, there is no entity behind it that is responsible for privacy (1), and honestly, I don't see even minimal reason to trust this software from a legal perspective.
There's no reason to trust it from a technical perspective either. The app is unsandboxed. Easy enough to check from the CLI.
Apple provides a network client entitlement[1] that sandboxed apps must have to connect to the network. Since this app isn't sandboxed, that restriction doesn't apply.
Personally, I only use software that was either built on my machine or downloaded off of the Mac App Store (MAS apps have to be mandatorily sandboxed).
[1]: https://developer.apple.com/documentation/bundleresources/en...
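The check described in the comment above, as an added example (not the commenter's or the app's own code): on macOS, `codesign -d --entitlements - --xml` dumps an app's signed entitlements, and this script classifies them by the `com.apple.security.app-sandbox` and `com.apple.security.network.client` keys. The function names and the sample plists are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from an entitlements plist whether an app is sandboxed.

# ent_value KEY: read entitlements XML on stdin; print true, false or absent.
# Splitting on '<' handles plists printed on one line or on many.
ent_value() {
    tr '<' '\n' | awk -v want="key>$1" '
        $0 == want          { found = 1; next }
        found && /^true\//  { print "true";  hit = 1; exit }
        found && /^false\// { print "false"; hit = 1; exit }
        found && /^key>/    { exit }  # next key reached: value was not a boolean
        END { if (!hit) print "absent" }'
}

# classify_entitlements: read entitlements XML on stdin, print a verdict.
# Empty input (an app signed with no entitlements) counts as unsandboxed.
classify_entitlements() {
    xml=$(cat)
    sandbox=$(printf '%s' "$xml" | ent_value com.apple.security.app-sandbox)
    netcli=$(printf '%s' "$xml" | ent_value com.apple.security.network.client)
    if [ "$sandbox" != "true" ]; then
        echo "unsandboxed: no entitlement gates its network access"
    elif [ "$netcli" = "true" ]; then
        echo "sandboxed: outbound connections allowed"
    else
        echo "sandboxed: no network client entitlement"
    fi
}

# check_app PATH (macOS only): dump the signed entitlements and classify them.
check_app() {
    codesign -d --entitlements - --xml "$1" 2>/dev/null | classify_entitlements
}

# Constructed sample plists, not taken from any real app.
SANDBOXED_NET='<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/><key>com.apple.security.network.client</key><true/></dict></plist>'
SANDBOXED_ONLY='<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key>
  <true/>
</dict></plist>'
UNSANDBOXED='<plist version="1.0"><dict><key>com.apple.security.cs.disable-library-validation</key><true/></dict></plist>'

if [ $# -gt 0 ]; then check_app "$1"; fi
```

On macOS, run the script with the path to an app bundle as its only argument.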
Most of the time, both legal and technical misalignments walk together. Thank you for noticing this.
Isn't that true of all software? How do you know that Grammarly is not already doing that? Your data is transmitted to their servers, after all.
Not at all. Most commercial software has a publisher (as legal entity) that is responsible for privacy and takes reputational risks if something goes wrong.
So does this; it says at the bottom "© 2025 Runju Huang". Mister Huang is publishing this; presumably, he would be responsible for any wrongdoing.
Is your objection that he is distributing this by himself, instead of through the app store? Or that it appears that he is doing it as an individual instead of a company?
Sure, it's a little sketchy, it's a guy with a website and a privacy protected domain and that's about it. But if anything were to happen you would be suing the developers of refine.sh.
I guess I do see your point though. For my software I have indeed created a legal entity and it can be easily looked up.