| They are signed by the same process as all other APK's on the store; using the play store developer keys that OWS received. Google can backdoor it because they control the distribution source and verification scheme. Google can push anything they want to your device that's a given. Sure you can "lock them out" if you build your own android from AOSP (and even that is doubtful) but if you want to get Signal you'll have to install Google Play and the rest of the Google services which in effect will allow Google to backdoor your device if they would so desire too. Now you can say well I can violate the EULA rip off the APK from the Google Play store on one device and copy it to my AOSP device and verify it there, you still can using Jarsigner; but this is not a distribution method OWS want or should support. OWS trusts that Google and Apple will not backdoor the binaries and devices that is an axiom they base their threat models on; for them it's more important that all users would receive updates and use an upto-date version of Signal since this how how OWS ensures herd immunity; everyone is running more or less their latest software; all the security features are in play; they don't need to support legacy client; everyone is happy. At the end it's simply a case of OWS distributes it's software via 2 channels Play Store and App store in both cases the binaries are signed and verified by the processes supported by Google/Apple.
Alternatively OWS allows you to download the source code from their Github repo and build the version of Signal for IOS/Android and sign it with any key you want. So overall I don't see where do you want them to add additional signatures; what is your threat model?
It would be too easy to say "don't try to teach moxie how to do crypto" but this won't be interesting to either of us, I'm really curious what is your threat model that you would like additional signature specifically by OWS and what do you want them to sign. |
> They are signed by the same process as all other APK's on the store; using the play store developer keys that OWS received. Google can backdoor it because they control the distribution source and verification scheme.
If I verify the signature, I can determine whether or not the APK has been tampered with by Google, yes or no?
> It would be too easy to say "don't try to teach moxie how to do crypto" but this won't be interesting to either of us, I'm really curious what is your threat model that you would like additional signature specifically by OWS and what do you want them to sign.
Well, obviously I'm not trying to teach anyone crypto as I don't know enough myself to begin with. My threat model is don't trust anyone that has a bad track record. In my book Google has a bad track record but not moxie.