this post was submitted on 12 Oct 2023
361 points (95.2% liked)

Privacy

31782 readers
350 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Originally I've download the signal app through playstore, but often it also get updates from Droid-ify(Fdroid client). Today its weird and I got this . Explain to me this.

On the Droid-ify the signal app is provided by: org.thoughtcrimes.securesms

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 271 points 1 year ago* (last edited 1 year ago) (5 children)

~~The package name is correct~~, but signal was never on F-droid.

Do you have a third party repo that might be compromised?

Edit: Package name isn't correct, so that's almost definitely a compromised version. Get rid of it ASAP.

[–] [email protected] 114 points 1 year ago (1 children)

To add to that:

Always check the projects' website to see the official ways it's distributed, before you just download it from anywhere.

[–] [email protected] 5 points 1 year ago (1 children)

Not applying for signal though, as their apk site is hidden away

[–] [email protected] 2 points 1 year ago (2 children)

Not a fan of that either, that really is unfortunate. But with a bit of common sense, a person should then ask about that, if the Play Store is not an option. It's still not a reason to download it from a source you haven't verified to be official

[–] [email protected] 5 points 1 year ago (1 children)

No thats absolutely a reason. Signal is 100% to blame that they have no fully FOSS code repository that could then simply be compiled by FDroid and shipped there.

Instead I have to rely on some Dude I know nothing about, Twinhelix could just as well spread Malware. But I like my updates through FDroid, I like a blob Free Signal

[–] [email protected] 2 points 1 year ago (1 children)

Call it blame, but that decision is fully within their right, and what Twinhelix does technically violates F-Droids' guidelines. If a creator doesn't want their app on there, F-Droid calls to respect that.

The official Signal apk updates itself, so that's not even an issue.

If your unoffical build from a third-party gives you issues one day, you are fully responsible for that.

[–] [email protected] 1 points 1 year ago

Huh? They could just as well provide a blobfree APK themselves. They have their Google Play crap already, everyone not using that will probably also have a googlefree OS.

They have a FOSS client and provide no FOSS binaries, which is totally their right. I heard their Desktop clients are not reproducible though, maybe because of Electron?

[–] [email protected] 1 points 1 year ago
[–] [email protected] 68 points 1 year ago* (last edited 1 year ago) (2 children)

org.thoughtcrimes.securesms

It actually might not be, googling "org.thoughtcrimes.securesms" doesn't get results.

thoughtcrimes vs. thoughtcrime


My question though is how this popped up in droidify, would someone need to manually add some special repo?

[–] [email protected] 38 points 1 year ago (1 children)

I missed that, thanks for pointing it out. The one without S is the correct one.

But that makes me wonder, how did OP not end up with two signal apps then?

[–] [email protected] 38 points 1 year ago (1 children)

how did OP not end up with two signal apps then?

by that popup blocking him from installing the wrong one?

[–] [email protected] 24 points 1 year ago (1 children)

Oh, that's from the installer and not one of those warnings you get after opening apps. Makes sense.

[–] [email protected] 10 points 1 year ago

Technically it's from "Google Play Protect" that got triggered during the install but yeah.

[–] [email protected] 3 points 1 year ago

Yes, where is that from? Its not in the repos I use.

[–] [email protected] 10 points 1 year ago (1 children)

Twinhelix is the only one compiling the app from source without proprietary blobs

[–] [email protected] 17 points 1 year ago