@micahflee I like the warning about adding more complexity to Signal, and I especially like the example of the Intel feature. That is probably too proprietary to be aided by free software hackers in the event of an exposed vulnerability. Even before exposing a vulnerability, there are probably less people allowed to study the Intel code, so there's less chance of someone finding vulnerabilities.

@micahflee *coughs* Signal Is Finally Bringing Its Centralized Messaging with Goggle Surveillance™† blobs in its APK to the Masses.

† github.com/signalapp/Signal-An

@kmicu @micahflee
It's still up to the user if they want to use Signal on a phone that utilises Google's infrastructure. Signal works just fine without FCM/GSF.
And i would be very surprised if Signal actually ships any proprietary blobs. I'm pretty sure it simply talks to a proprietary API, which 99% of users have on their phones anyway (Google Play Services).

@fll @micahflee We don’t need to be surprised cuz we can decompile official Signal APK† and check—blobs are there‡. Funny thing even tho app can work w/o them they still bundle them. I wonder why 🤔

[Sarcasm] of course don’t worry, tapping into a centralized infra of security providers is not a thing. Nothing suspicious in those blobs.
Don’t verify, just trust.

† signal.org/android/apk/
‡ developer.android.com/studio/b

@kmicu @micahflee
So they compile proprietary libraries into the app? Or what exactly? If so, is that necessary to use FCM?

@kmicu @micahflee
I'll take no further explanation as just spreading FUD then.

@fll @micahflee That’s your reasoning?—Ignoring linked resources, explanation what ‘implementation’ (former ‘compile’) does in Gradle, direct links to code and the easy task of downloading APK and de‑compiling it?

Providing a verifiable resources is FUD? Maybe I assumed too much from an account on infosec.exchange.

25b7b627614d9351332e3d8d4ed1726e1979317bce6dc09bdf3a966c1ba9471f Signal-website-universal-release-4.55.8.apk → Signal-website-universal-release-4.55.8/smali/com/google/*

@kmicu @micahflee
You clearly assumed too much. I never wrote a line of code in my life nor decompiled any binaries.

So could you elaborate? What is in that proprietary code?

@micahflee Really looking forward seeing more people use it and ditch Whatsapp.

@tapaniraja @micahflee If only it allowed usage without Google Play, I would probably use it. (Telegram, which I don't regard as secure or private and don't recommend to anyone, is nevertheless usable outside Google Play).

@setthemfree @micahflee This is true. I would love seeing Signal on F-Droid, it needs to get there as well.

@setthemfree @micahflee Even though majority of people use Google Play so I understand why it's there.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!