by tadzik_ 2313 days ago
Signal app is also canonically distributed by Google Play/Apple Store, which are US entities under US law. When push comes to shove, an app update may get distributed to select individuals that will happily gather and send all their conversation histories and more.

As an EU citizen, I'm half puzzled and half horrified at how happy the EU institutions are to rely on foreign products: especially coming from a country that has a history of being trigger-happy and cutting people off in the name of a "trade war".

3 comments

I compiled Signal for iOS and monitored the sent data through a proxy. Both behave identically. There could be a hidden switch in the distributed binaries that triggers other behavior, but I really doubt it. For Android, there are reproducible builds so you can actually check the code is the same. For iOS, reproducible builds are harder but should still be possible.
Can I verify that the build installed on my Android phone[] is identical to the one that I compiled? For instance, if I mount the device in Linux I can only see /mnt/sdcard, not /, so I can't copy the binaries off.

[] i.e. the build installed on my phone, not the build available on Google's server to download.

What's the alternative? Private closed-source apps like Threema?

This also is not for official communication, it's just for any case where staff would currently use WhatsApp or similar spyware.

I do not think that anyone suggests using proprietary alternatives. Instead it seems that the posters in this thread would be happier if the EU was more independent from the US by, for example, hosting their own Signal servers and forking the client.
Matrix, which is already used by the French government.
Under your threat model no internet connected smartphone is safe. Google can just push any arbitrary software to run on your phone and this includes spyware created by governments.