|
|
|
|
|
|
by paulgb
1984 days ago
|
|
|
If Google wanted to read your messages and were willing to use malware to do it, there’s little to stop them on Android. Even if Signal checked the apk regularly, there’s no guarantee that the apk served to them is the same one served to everyone else. They could also push an update to the OS that recognizes the Signal apk and applies a patch after downloading but before installing. That said, Signal does apparently support reproducible builds so that people can check that the apk matches what’s on GitHub (though this is more of a way to detect malfeasance on Signal’s part rather than Google’s) https://signal.org/blog/reproducible-android/ |
|
|
Ah, right, there's also that.