No F-Droid, no trust. It doesn’t matter how strong the cryptography is, if Google or the government can trivially deploy a backdoored version. It also brings into question Signal’s own credibility/trustworthiness, as this is an obvious and well-known flaw that they’ve refused to rectify, and have made bogus arguments to justify their decision.
I understand what you’re saying here, and I agree, BUT…
I think it’s also important to understand that signal is also a company that, at some ooint, needs to make money from somewhere to do this awesome thing and they won’t get that limiting themselves to an obscure app store that maybe 1 in 100 users even know about.
I also highly doubt that Google would modify the signal binary with a backdoor. When that happens, truth will come out within days and it would severely damage Google’s reputation, and at least the EU would be screaming bloody murder to push new stores from independent providers immediately. It would end bmvery badly for Google, so I think there is honest doubt about that argument.
So yeah, they should at least ALSO host a version in fdroid, give users the option where to install it from
The entire thing of limited app stores is just absolutely removed in the first place, it’s nice and easy (taken the idea from open source there) but implemented in a way that only AND ONLY benefits the vendor Google. Or apple, same shit, different name.
Phones should have an operating system where you can add app stores to. Linux phone, here I come!
Here’s a good article with some context around the F-droid situation, and why Signal is full of crap.
I think it’s also important to understand that signal is also a company that, at some ooint, needs to make money from somewhere to do this awesome thing and they won’t get that limiting themselves to an obscure app store that maybe 1 in 100 users even know about.
Signal is a non-profit and backed by a billionare. Tbh idk what their financials look like, but they don’t seem to be in a difficult funding situation at all.
I also highly doubt that Google would modify the signal binary with a backdoor…
They definitely wouldn’t do it for everyone, but if the FBI comes knocking at their door and tells them that they need to access a specific person’s Signal chats, deploying a backdoored update to that individual is easily within Google’s power. It’s extremely likely nobody would notice, unless maybe the target is a security researcher or something. And IMO even if the info does come out, most of the blame/consequences (if any) would fall on the government, not Google.
Considering everyone is being labeled a “terrorist” nowadays by this whackjob administration, this type of scenario seems increasingly likely to me.
All this and a screenshot makes a copy. It’s an amazing technical achievement, though. But the use case is a bit of a stretch, just like NFT’s… I’m not about to give kernel lock screenshot blockers room in my devices… and encryption is solved for banking use etc. I’m probably missing a lot though
