Those are good points to make, Shylok. That’s where the beauty of open source comes in. It both sets out to solve problems, but comes with a whole set of problems in it’s own right.
You can review the entire piece of software in it’s entirety to make sure it’s not sending info to la-la land. Even if it’s all over your head and you can’t make heads or tails of it, you can watch how the community responds to the code and decide if you want to use it or not.
The open source community is cutting edge. It moves faster than the bureaucracy that SmartThings/Samsung/Ect proper would have to go through in order to vet it’s products. If you want to fully rely and trust in them, wait for them to come up with their own solution, but as of right now, they don’t offer one. The problem with that is every John Dick and Jane has a patent on every idea imaginable, and apps that SmartThings/Samsung release will most likely have to abide by those sets of rules. I know if SmartThings/Samsung ever closes their developer APIs or stops innovating, I’m switching to another solution. The community supplied apps have made my life a whole lot move convenient.
You are currently in a forum that is geared to the open source community. That’s what SmartThings was originally created about, and created for. If you want everything to be vetted, stick with the apps that you’re able to install directly from your device, and you’ll be fine. If you wanted a bureaucratic product, try Lowes’ Iris system.
When you purchased a SmartThings hub, all this information was readily available. SmartThings never surprised anyone with thier opensource and opengraph mission.
"A malfunction gives access to your home and family"
Yes and no. It’s your responsibility to keep tabs on the status reports that the application gives to you. Don’t create any rules inside of apps that if they failed to execute, would create a security vulnerability. Bottom line is, a good developer will keep failure in mind, and fail gracefully
A failure should leave your house more difficult to get into… not easier. I tell all my tenants not to rely on the codes that I give them, and to keep a traditional key on them if all else fails. The battery can die in the unit and you’d be locked out, no app can fix that.
When all else fails, ask the community. Is this app doing something nefarious with my device? I’m with you, better safe than sorry. I would not install anything that was in a private repository, or something that you would have to pay to get access to. The community is your friend, obscurity is your enemy.