Hacker News

There is no additional compromise.

What you say is generally true for file transfer mediated by a server. I am unconvinced it's specifically true for Bump. What I said still stands: security is inversely proportional to convenience. Often security is purchased up-front, paid for by inconvenience. With Bump, you "pay" via an app which uses a coincidence in time and space to "authenticate" you. Such a transaction usually works out, and is probably no riskier than giving a clerk you don't know your credit card. (Another place where one gets convenience in exchange for privacy and security.)

In the case of transactions with serious downsides, should they go wrong, then users should be aware where there are compromises in security. Denying the truth of this is to spread ignorance.



Well, I have no idea if Bump uses HTTP and such to do this via vetted methods or if it is really secure in terms of opening your device up to attack vectors. I was making the general point that transferring files between proximal devices by uploading to an intermediate server isn't inherently pointless.

I do not think that Bump is attempting to be secure in terms of keeping your images from being intercepted or that it is right to even describe what it does as "authentication". It would be more accurately described as "client selection". There is a niche of insecure file transfers to be filled though. For example, I sometimes send images to people via imgur, which is completely insecure, but sometimes I'm sending images and I don't care if other people can see them.

That is a very different kind of security issue than one that allows an attacker to control a device, which is the sort that I meant when I said that using an intermediate server doesn't open up security holes.



