|
|
|
|
|
|
by at612
3477 days ago
|
|
|
> Re: Google Play Services. Here's is the way I understand this to work, so please do correct me if I'm wrong. > Signal uses Google Play Services to notify me that I have an incoming message from Signal. More importantly: a. That dependency, along with other "restrictions", sets an artificially high barrier to actually using the product independently. This is presumably so that they can maintain the pretence of being "open source". b. Keep track of application downloads and whatever else Google provides to developers. Moreover, as the paper that someone has linked elsewhere says, if you are allowing Google services in your app (Google Cloud Messaging, to be exact), you're at the mercy of anyone with control of it. A relatively trivial attack via GCM, as the paper hints, would involve simply replacing your application with a backdoored version, and you'd be none the wiser. It is a massive attack surface that just cannot be ignored. |
|
|