[100001_100011]

How do you know if the Signal client running on your phone right now doesn't include a backdoor? Sure it's open source. But how do you know how it was compiled?

What if someone changed the open source before shipping it to the app store?

[bertman]

This is called "Reproducible Builds".

https://signal.org/blog/reproducible-android/

[100001_100011]

Reproducible builds are for developers. As a user I didn't build the app on my phone.

I have a phone with Signal on it. Tell me what I should do to verify it's running the open source Signal code.

[0xChain]

You should check out Session. Their CTO apparently uses his PGP key to sign every release https://twitter.com/session_app/status/1514108746854985730

[bertman]

If you, as a user, are concerned about reproducibility, you are no longer an average user. Thus, if you want this extra security, you can be expected to check the APK on your phone.

[ghransa]

Not perfect chain of custody but could report to virustotal (virustotal.com) and compare in a sandbox:

https://play.google.com/store/apps/details?id=com.funnycat.v...

[fgiox]

Maybe you could figure this out yourself, and share your findings, rather than demanding answers from others?

[fsflover]

Reproducible builds benefit the user by allowing independent checks of the software.

[RunSet]

That page says:

> the Signal Android codebase includes some native shared libraries that we employ for voice calls (WebRTC, etc). At the time this native code was added, there was no Gradle NDK support yet, so the shared libraries aren’t compiled with the project build.

Also, assuming you trust the client, how to tell if the Signal server is running the published code, especially given Signal's track record of (not) publishing its source code?

https://linuxreviews.org/Signal_Appears_To_Have_Abandoned_Th...

[kijiki]

Signal server is explicitly untrusted in the Signal threat model, which is must be due to being based in a country (like any other country) with laws that can be used to compel actions on the server's owners. They publish legal orders they receive and their responses.

[pabs3]

A related project that is also necessary for this, Bootstrappable Builds:

https://bootstrappable.org/

Otherwise somewhere in the chain you are relying on binaries of unknown provenance.

[i_am_proteus]

How do you know that the AES instruction set on your device's processor doesn't include a backdoor? Sure, the algorithm is public, but how do you know how it was implemented?

[upofadown]

AES starts with 16 bytes and then encrypts it to 16 bytes. So there is no good place to hide extra data. Even a single bit that did not meet the AES spec for the key in use would produce complete garbage at decryption. So attempts to leak the key would at least leave a mark.

[dividuum]

Unless it’s a timing based leak..

[Semaphor]

I would say it’s the usual.

If someone with skills X (where depending on your knowledge and precautions, X can range from script kiddie to nation state) is after you specifically, you can only make their job harder, but unless you are very serious about security, you’ll probably get pwned.

If you want general security, you can probably take it as given that someone checked the Signal build to be the one that the source is available for, and that no one intercepted just your download. But you still have to take some parts on faith, always, unless you build your own CPU and continue from there.

[bigDinosaur]

Have a classic: https://www.usenix.org/system/files/1401_08-12_mickens.pdf