[simoncion]

> At issue further up the thread was whether insisting on using Google Play to distribute Signal for security reasons was sound logic, right?

No. The assertion was that Moxie only wished to distributed on the Google Play store. I addressed this complaint. From my first comment in this sub-thread:

>> He only wants distribution via Google...

> Untrue. He only wants distribution through channels that provide the same security assurances and deployment features that Google does through the Play Store. [0][1][2]

You then went off on a tear about how the Play Store doesn't provide "guaranteed security", with the strong _implication_ that this fact means that distribution through either the Play Store or the App Store is no better than distributing through a Market that performed no malware scanning, stripped the developer-provided signature from the software they distributed, signed all software distributed in the Market with the same signing key, and (because their code signing system was automated, rather than manually run) kept that signing key online and on an Internet-accessible computer, rather than in cold storage that gets occasionally attached to an airgapped computer.

The difference in procedures is crucial.

> I have to say it isn't helping to persuade me...

Your rhetorical style strongly indicates that you're more interested in verbal sparring than transfer of information. Maybe some months or years down the road you'll go back, revisit conversations like this one, and grow to understand something new about computer security.

[0] https://github.com/WhisperSystems/Signal-Android/issues/127#...

[1] https://github.com/WhisperSystems/Signal-Android/issues/281#...

[2] https://github.com/WhisperSystems/Signal-Android/issues/127#...

[tombrossman]

Verbal sparring is nothing to be afraid of or to shy away from, we're adults and are staying within the guidelines here. It is known for the frequent use of metaphor. Examples of this can be found up-thread in, well, your rather colorful comments about severed limbs and heads popping off! Amusing yes, but not convincing. But not amusing enough to revisit months later - better and healthier to let it go and move on, thanks.

I've provided numerous facts and backed them up with links to sources. That is a substantial transfer of information which you didn't acknowledge. What does all that great security you describe mean for all those people not getting updates? It is a real problem.

You go on to say "That is to say, unless you purposely go very far out of your way to install custom system software that deliberately weakens critical Android security features -thus putting your Android device pretty squarely in the realm of PC-level security-, then there is no software in the Play Store that will take over your Android device." The Viking Horde malware is bad enough with the ads popping up and dangerous links appearing, whether this is 'safely' sandboxed on a vanilla install or completely taking over a rooted devices is of little significance to me. I don't want ANY of it.

I'd like a secure messaging app that can be installed on a more hardened version of Android like CopperheadOS, which does not require the constant 'phoning home' to Google that most Android phones do. Remote install capability via Google Play is huge red flag and a deal breaker for me, but I understand Moxie intends to target more mainstream users and has to make compromises to serve them.

A fair number of Android users like me are more concerned about the mass surveillance practices of advertisers such as Google than we are about the full-on 'tinfoil hat' NSA stuff. I don't like either, but the corporations are more worrying because they're attracting the better workforce with their higher pay and as a result are more effective. We want Signal to protect us from Google, not the NSA.

What initially made me post my first reply to your initial comment was that I saw it was attracting down-votes and I thought you put some effort into it and made some sound points, so I upvoted and replied. This thread has probably run it's course at this point by my email is in my profile if you have anything else to add.

[simoncion]

> I'd like a secure messaging app that can be installed on a more hardened version of Android like CopperheadOS, which does not require the constant 'phoning home' to Google that most Android phones do.

I found this [0] today. You might be interested in the last paragraph of the comment. Enjoy!

[0] https://github.com/LibreSignal/LibreSignal/issues/37#issueco...

[simoncion]

> The Viking Horde malware is bad enough... whether this is 'safely' sandboxed on a vanilla install or completely taking over a rooted devices is of little significance to me. I don't want ANY of it.

It sounds like you'd rather be using something more appliance-like like an iDevice. Their sandboxes are substantially more strict, and their permission system is actually more fine-grained than what you find on Android. OTOH, you can do far fewer interesting things on an iDevice than an Android device. That's the Security vs. Convenience tradeoff at work.

Anyway. This has no bearing on the fact that the infrastructure and services provided by Google through the Play Store are rather good and competently managed. It certainly has no bearing on the fact that distributing software through the Play Store is substantially safer and more secure than either distributing through a Market that has devastatingly poor code signing key management practices, or -even worse- demanding that your users download and install unsigned software hosted on arbitrary sites on the internet.

The truth of the matter is that distribution through the Play Store and the App Store is absolutely the safest and most secure way to distribute software to Android and iOS devices.

> I've provided numerous facts and backed them up with links to sources.

And by and large your "facts" come from antivirus vendors attempting to drum up sales of their now-pointless-on-the-fastest-growing-sector-of-the-computer-business virus scanning software by making mountains out of teaspoonfuls of dirt.

> What does all that great security you describe mean for all those people not getting updates?

You never actually investigated whether or not Google's split of core functionality into Google Play Services largely mitigated the security impact of laggard phone manufacturers. The answer might surprise you!

> A fair number of Android users like me are more concerned about the mass surveillance practices of advertisers such as Google...

Then, uh, why are you running an OS that's authored by Google? There's a saying: "If you don't trust the vendor of your OS, then you can't trust the computer that's running it.". By definition, the author of your OS has root privileges on any device that that OS runs on.

> We want Signal to protect us from Google, not the NSA.

Signal absolutely does not protect your conversations with others if a malicious party gains root on the device on which it runs. If you don't trust Google, then running Signal on Android is absolutely the worst thing you could possibly do. Seriously dwell on that for a while.

> Remote install capability via Google Play is huge red flag...

See above. Also, because Google does not have a copy of the signing key for Android apps that it doesn't author, it is impossible for Google to install rogue versions of apps that it didn't author. [0] When F-Droid was distributing their own copy of Signal, F-Droid used the same code signing key for all apps. This meant that they (or anyone who snatched the key) could push unauthorized updates to any software on the F-Droid repo.

> ...I understand Moxie intends to target more mainstream users and has to make compromises to serve them.

Heh. You haven't understood anything Moxie has said about why Signal is currently distributed exclusively through the Play Store, have you? :(

[0] Of course, you may not believe that if you don't trust Android's app signature verification code.