@micahflee *coughs* Signal Is Finally Bringing Its Centralized Messaging with Goggle Surveillance™† blobs in its APK to the Masses.

† github.com/signalapp/Signal-An

@kmicu @micahflee
It's still up to the user if they want to use Signal on a phone that utilises Google's infrastructure. Signal works just fine without FCM/GSF.
And i would be very surprised if Signal actually ships any proprietary blobs. I'm pretty sure it simply talks to a proprietary API, which 99% of users have on their phones anyway (Google Play Services).

@fll @micahflee We don’t need to be surprised cuz we can decompile official Signal APK† and check—blobs are there‡. Funny thing even tho app can work w/o them they still bundle them. I wonder why 🤔

[Sarcasm] of course don’t worry, tapping into a centralized infra of security providers is not a thing. Nothing suspicious in those blobs.
Don’t verify, just trust.

† signal.org/android/apk/
‡ developer.android.com/studio/b

@kmicu @micahflee
So they compile proprietary libraries into the app? Or what exactly? If so, is that necessary to use FCM?

@kmicu @micahflee
I'll take no further explanation as just spreading FUD then.

@fll @micahflee That’s your reasoning?—Ignoring linked resources, explanation what ‘implementation’ (former ‘compile’) does in Gradle, direct links to code and the easy task of downloading APK and de‑compiling it?

Providing a verifiable resources is FUD? Maybe I assumed too much from an account on infosec.exchange.

25b7b627614d9351332e3d8d4ed1726e1979317bce6dc09bdf3a966c1ba9471f Signal-website-universal-release-4.55.8.apk → Signal-website-universal-release-4.55.8/smali/com/google/*

Follow

@kmicu @micahflee
You clearly assumed too much. I never wrote a line of code in my life nor decompiled any binaries.

So could you elaborate? What is in that proprietary code?

· · Web · 0 · 0 · 0
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.