by koevet 3589 days ago
Can't you install the Signal apk directly, from apkmirror[0]?

0: http://www.apkmirror.com/apk/open-whisper-systems/signal-pri...

3 comments

Signal has a Google Play Services dependency for notifications, so it won't work properly without installing the whole Google package.

Open Whisper Systems (the developers of Signal) apparently don't want to replace it or even just build in a fallback [0], and even fought with the LibreSignal developers, which is a fork that removes this dependency, and told them to stop using their servers [1], which led to LibreSignal being discontinued.

I don't know what the heck is going on with this, but yeah, it's not pretty.

[0]: https://github.com/WhisperSystems/Signal-Android/issues/1106

[1]: https://github.com/LibreSignal/LibreSignal/issues/37#issueco...

There's also a more elaborate article on the topic here:

https://lwn.net/Articles/687294/

There's a FOSS replacement for Google Play Services¹, and even Moxie himself² suggests using Signal with it if you are not comfortable with Google Play.

¹ https://github.com/microg/android_packages_apps_GmsCore/wiki

² https://github.com/LibreSignal/LibreSignal/issues/37#issueco...

I am using it and while it's not really working for me (I suppose an update broke it), it's enough to convince Signal to install.

It doesn't receive push notifications but I still receive messages once I run the app in the foreground (a thing I almost consider a feature now and not a bug).

From 2:

> I understand that federation and defined protocols that third parties can develop clients for are great and important ideas, but unfortunately they no longer have a place in the modern world.

Wow, Moxie... What the hell?

Re: APKMirror: I have the same questions I have about all APK proxy services - which claim to pull the APKs directly from the Play Store - why would I trust it to provide software that isn't infected with malware?

Other than APK Downloader, I haven't found another credible source among the very many options. Any solutions would be appreciated.

----

[0] APK Downloader, for those interested ... I'd start with the original, but the others might suit your needs:

* redphoenix89's original here: http://codekiem.com/2014/08/07/official-apk-downloader-v2-do... and here: http://forum.xda-developers.com/showthread.php?t=1515021

* Bexton's updated Chrome extension, based on v1.21: http://forum.xda-developers.com/showthread.php?t=1809458

* Lekensteyn's updated Chrome extension, based on v1.3.4 of Bexton's: https://lekensteyn.nl/apk-downloader/ and https://github.com/Lekensteyn/apk-downloader

You are fine using apkmirror to grab an update you haven't yet received from the Play Store. When you install the apk, Android knows you are updating an app, verifies the signature, and ensures it came from the same developer.

Android is sane: it won't let you downgrade, further updates from the store will work correctly, etc. Since apkmirror usually get their apks from the Play Store, you'll be okay if you know what you are doing.

That said, your skeptical attitude is very appropriate. Installing apks from outside of the Play Store is by far the biggest vector for malware. Users that only install from the Play Store are currently safe (less than 0.15% of those users get malware).

> You are fine using apkmirror to grab an update you haven't yet received from the Play Store. When you install the apk, Android knows you are updating an app, verifies the signature, and ensures it came from the same developer.

Great point; thanks.

> apkmirror usually get their apks from the Play Store

How do you know this? I've read reports of other Play Store proxies who injected malware.

> your skeptical attitude is very appropriate. Installing apks from outside of the Play Store is by far the biggest vector for malware

I was talking about APK proxy services, which claimed to pull the APKs from Google Play Store. For app stores, there are other generally reputable sources, such as:

* F-Droid, which focuses on free/open source software and user privacy. It has an excellent reputation and builds every app from source.

* Aptoide: Large commercial market, claims to screen apps for malware

* SlideME: At least at one time, reputedly focused on small, indie devs.

* GetJar: "The worlds biggest Open App Store", started "by developers for developers"

I'm not entirely sure, but doesn't APK signing prevent these third parties from tampering with the APKs?

Also, Raccoon is similar to APK Downloader: http://www.onyxbits.de/raccoon

There's also this desktop application to download from the play store https://codingteam.net/project/googleplaydownloader (codingteam.net, a "Forge" site, has an expired TLS cert)
It needs Google Play Services for push notifications over GCM.
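
Added example (not part of any comment in this thread): the same-developer check the comments describe Android making on an update, done by hand by comparing the signer certificate digests that `apksigner verify --print-certs` prints for a trusted copy and a downloaded copy. The sample outputs and digests are constructed, the function names are illustrative, and the comparison is a strict equality that ignores signing-key rotation.

```python
import re
import subprocess

# Line format printed by `apksigner verify --print-certs <apk>`.
_DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.M)

def signer_digests(apksigner_output):
    """Return the signer certificate SHA-256 digests as lowercase hex."""
    return {d.lower() for d in _DIGEST_RE.findall(apksigner_output)}

def run_apksigner(apk_path):
    """Verify one APK with apksigner (Android SDK build-tools) and return its
    output; check=True raises if the signature itself does not verify."""
    done = subprocess.run(["apksigner", "verify", "--print-certs", apk_path],
                          capture_output=True, text=True, check=True)
    return done.stdout

def same_signer(trusted_output, candidate_output):
    """True only if both APKs carry exactly the same signer certificates."""
    trusted = signer_digests(trusted_output)
    candidate = signer_digests(candidate_output)
    # Nothing parsed means nothing proven: an empty set never counts as a match.
    return bool(trusted) and trusted == candidate

def _constructed_output(sha256_hex):
    """Constructed sample output; digests are made up, not any real app's."""
    return ("Signer #1 certificate DN: CN=Example Developer\n"
            f"Signer #1 certificate SHA-256 digest: {sha256_hex}\n"
            f"Signer #1 certificate SHA-1 digest: {'cd' * 20}\n")

TRUSTED = _constructed_output("ab" * 32)      # copy already installed from the store
MIRRORED = _constructed_output("AB" * 32)     # same certificate, different hex case
RESIGNED = _constructed_output("12" * 32)     # repackaged and signed with another key

if __name__ == "__main__":
    for name, out in (("mirrored", MIRRORED), ("resigned", RESIGNED), ("unparsed", "")):
        print(name, "same signer" if same_signer(TRUSTED, out) else "REJECT")
```

With real files, pass `run_apksigner(path)` for each APK. A first-time install has no trusted copy to compare against, so the expected digest has to come from a source you trust independently.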