Granted, the part
The globally recommended app by privacy and security experts, Signal, is now being downloaded massively and tops the Danish Google Play Store
is a little ironic, but you gotta push this winning tide and then work from that.
Granted, the part
The globally recommended app by privacy and security experts, Signal, is now being downloaded massively and tops the Danish Google Play Store
is a little ironic, but you gotta push this winning tide and then work from that.
Totally not how the APK teardown community works, but ok.
How does APK teardown help if Google can replace the app unnoticed?
Because there will always people running Signal from a different source, and only one of them is sufficient to notice the server has been tampered with.
(And I’m not sure if they have reproducible builds yet, but if they do, people can also verify that even the Google Play-provided APK does or doesn’t match the published source code.)
Which server?
People don’t control their phone. There is no way of knowing if the installed app is the one that is running.
The server running Signal’s server-side code.
Some do, and that’s the point: if there’s an attempt at tampering, interested security researchers can detect it.
What could a client detect? Signal is a US company and will comply with the government. The server can’t be trusted.
They can detect if a different app was installed from the store on their phone. That’s not useful for anybody to know if their own app is unaltered. Only people of interest will receive a manipulated client. So there is no security in knowing that some people received the original app.
Besides, Google runs the OS. They can change the app at runtime.
As mentioned before, it could detect that the server is not running the published source code. So long as it’s untampered with, and the published source code is trusted, the server can be trusted. And again, for message encryption that is only an additional layer of protection; the messages are encrypted before reaching the server, so even if the server was malicious, it still couldn’t see the contents. That’s the whole point.
I think you’re conflating points here - the detection was about detecting whether the server had been tampered with.
I’m not sure what specifically you’re arguing for, here. It would’ve been nice for Signal to not have been in the US, and it can be coerced to stop working altogether, but your communication is at least as safe as any other app, at least the ones of comparable usability. Or are you’re just saying we’re all lost anyway and we might just as well give up and communicate via public Twitter posts?
How? The clients can only notice if the API works as specified. The server can constantly be replaced without anybody noticing.
So you know the problems of the servers.
See the link I posted before about the secure enclave. (Note that I could’ve been clearer before: it’s not specifically the Signal client app that needs to detect server tampering; any software could.)
So what are you saying? Don’t use anything that has a server? (To be fair, I think it’s a good idea to have pure peer-to-peer apps installed as well, but for most situations that would still just come down to “do not communicate digitally at all”.)