by CorrectHorseBat 766 days ago
Their problem is that F-Droid releases are signed by F-Droid, not by Signal. This way F-Droid could potentially insert a backdoor in an update.
2 comments

That's not true tho. F-Droid supports (true) https://f-droid.org/en/docs/Reproducible_Builds/ for quite some time now. Those are signed by both F-Droid and the author.
I should have checked before I posted something from memory. These are the reasons they list:

https://community.signalusers.org/t/signal-android-app-on-f-...

F-Droid with reproducible builds signed by both parties seems the best of both worlds to me; now I don't understand why Signal is so stubborn about this.

> This way F-Droid could potentially insert a backdoor in an update.

Google requires app developers on the Play Store to give Google the keys that enable Google to insert backdoors in any release. I can't trust anything on the Play Store for this reason. There is no way to tell which apps have been backdoored by Google for whatever reason (the usual reason is an NSL).