by AdrenalinMd 1241 days ago
An open source client gives a false sense of security as the APK you're downloading is compiled. In the end you still need to decompile the APK to know what it is really doing.

Open source client doesn't matter in mobile world, as you never compile the app yourself. This is only misleading to the non-tech users who don't get how the whole thing works. That's why Telegram's claim of security is total garbage because while their client is "open source", the backend that has all the messages is not. Something they don't clearly state on their website.

So the Telegram's admins can read all the messages in plain text on the backend. So "open source" client means absolutely nothing for the security.

3 comments

> An open source client gives a false sense of security as the APK you're downloading is compiled. In the end you still need to decompile the APK to know what it is really doing.

Okay, so we're ignoring verifiable builds exist?

> Open source client doesn't matter in mobile world, as you never compile the app yourself.

That's a really weird take. Nobody ever checks files for corruption or modification but hashes still exist. Just because most people do not check something does not mean it's non-existent or pointless.

> So the Telegram's admins can read all the messages in plain text on the backend.

They can't. The messages are encrypted on the servers and their keys are split between multiple jurisdictions. No engineer can decrypt messages.

> They can't. The messages are encrypted on the servers and their keys are split between multiple jurisdictions. No engineer can decrypt messages.

You really don't get why E2E encryption is necessary, do you?

Telegram already has E2EE, if you want to use it, and the algorithm is well audited as well.

E2EE has obvious flaws, mostly related to feature-set. Cloud sync is difficult with E2EE, as well as managing chats with thousands of members. Telegram is more of a social media with a great convenient messenger. It doesn't make sense for it to be like WhatsApp or Signal. Those who use Telegram know the difference very well.

True. And the Telegram founder is still proud of their privacy. Lol

IIRC you can encrypt direct messages on Telegram, so there is some security there.

I'd still rather use Signal though.