IronJumbo

joined 5 months ago
[–] [email protected] 2 points 2 weeks ago

I hope @[email protected] will dispel our doubts or a member of the Simplex.chat team :(

[–] [email protected] 1 points 2 weeks ago (1 children)

It's not about whether the application communicates with these addresses or not. It's about the fundamental question: why are these addresses even encoded in the code of a VERY privacy-sensitive application?

My friend, in every answer you push F-Droid as a cure for all evil. There is no perfect store, F-Droid also has its problems (I wrote about it above). I am not an enemy of F-Droid (I also use it sometimes), but I will repeat: F-Droid control is insufficient (it's security theater - it's not a full audit of the source code).

[–] [email protected] 3 points 2 weeks ago (8 children)

When installing from Github you only trust the developer and their signed certificate key.

When installing from F-Droid you additionally also have to trust the F-Droid developer's signature.

Besides that F-droid has its own problems:

https://privsec.dev/posts/android/f-droid-security-issues/

I don't use F-Droid. I use Obtainium and additionally check signatures in AppVerifier.

https://sideofburritos.com/blog/obtainium-overview/

 

Hi

I may be wrong, but can someone help me interpret the results of this analysis correctly?

https://www.hybrid-analysis.com/sample/0a0238f85b8a559e8ab54f67920004db3a67a39bdbdbfa00075fd7d27e41dec4/672423b56b46e4feb006681d

See the Network Related section: Why does Simplex.apk have a hardcoded communication with

issuetracker.google.com

android.googlesource.com

developers.google.com

An app that is advertised as the most privacy-friendly?

All other indicators can (probably) be considered false positives (for example, the Camera permission, which is needed for video calls)

34
submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/[email protected]
 

Please clarify if ProtonVPN servers are also affected and what are the corrective actions?

https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/