@micahflee *coughs* Signal Is Finally Bringing Its Centralized Messaging with Goggle Surveillance™† blobs in its APK to the Masses.

† github.com/signalapp/Signal-An

@kmicu @micahflee
It's still up to the user if they want to use Signal on a phone that utilises Google's infrastructure. Signal works just fine without FCM/GSF.
And i would be very surprised if Signal actually ships any proprietary blobs. I'm pretty sure it simply talks to a proprietary API, which 99% of users have on their phones anyway (Google Play Services).

@fll @micahflee We don’t need to be surprised cuz we can decompile official Signal APK† and check—blobs are there‡. Funny thing even tho app can work w/o them they still bundle them. I wonder why 🤔

[Sarcasm] of course don’t worry, tapping into a centralized infra of security providers is not a thing. Nothing suspicious in those blobs.
Don’t verify, just trust.

† signal.org/android/apk/
‡ developer.android.com/studio/b

@kmicu @micahflee
So they compile proprietary libraries into the app? Or what exactly? If so, is that necessary to use FCM?

@kmicu @micahflee
I'll take no further explanation as just spreading FUD then.

@fll @micahflee That’s your reasoning?—Ignoring linked resources, explanation what ‘implementation’ (former ‘compile’) does in Gradle, direct links to code and the easy task of downloading APK and de‑compiling it?

Providing a verifiable resources is FUD? Maybe I assumed too much from an account on infosec.exchange.

25b7b627614d9351332e3d8d4ed1726e1979317bce6dc09bdf3a966c1ba9471f Signal-website-universal-release-4.55.8.apk → Signal-website-universal-release-4.55.8/smali/com/google/*


No further explanation regarding the technical details? It's just "proprietary code=bad"? Code that I assume is used to be able to use FCM on phones that have GSF installed anyway, and that way avoid the pop-up that warns about battery use.
If you looked at that proprietary code and can see what it does I would very much appreciate further explanation.

· · Web · 1 · 0 · 0

It's just that reading your comments i got reminded of a lot of comments putting libre as the only aspect about software, that often ignore important aspects like security and usability for inexperienced users.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.