by novakboskov 655 days ago
Well, if you're communicating with someone on Signal and they indeed receive your messages, you're safe to assume they are the public key holder. The critical part is the secret key management. In other words, are they _the only_ ones who hold the secret key?
2 comments

No, your client asks Signal's server for the other end's public key. There's fundamentally no way for Signal's server to prove to your client that the pubkey you're encrypting for is indeed the one owned by the phone number you keyed in.
To clarify, there's no way for any software to do that. You need to somehow validate the keys' ownership out of band.
It offers a fingerprint you're supposed to validate over sneakernet, but people are lazy.
And Google Play offers the possibility to distribute an update only to specific e-mail addresses, so if there is a need to compromise users with a malicious update that shows another fingerprint, it's really doable (or just copy the messages, like Skype was doing with TOM-Skype).
No, that someone would also be able to indeed receive your messages if there is an attacker in the middle who gave you his public key and is then forwarding the message using a channel established with the true recipient's public key.

Message secrecy does rely on being able to authenticate the recipient's public key.
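The man-in-the-middle described in the thread, as an added example that is not part of any commenter's post and is not Signal's code: a toy key directory that answers every lookup with the attacker's own public key and relays traffic, so the real recipient still "indeed receives" the message while the attacker reads it, and the out-of-band fingerprint comparison that is the only thing that catches the substitution. The DH group, phone numbers, keystream cipher and fingerprint format are constructed stand-ins chosen so this runs offline in pure Python; none of them are Signal's.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only so the
# example runs offline in pure Python. Far too small for real use.
P = 2**127 - 1
G = 3


def keygen():
    """Return (secret_key, public_key) for the toy group."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def fingerprint(pk):
    """Short hash of a public key, standing in for the safety number the
    two parties are supposed to compare out of band (simplified format)."""
    return hashlib.sha256(pk.to_bytes(16, "big")).hexdigest()[:16]


def shared_key(sk, peer_pk):
    """DH agreement followed by a hash, giving a 32-byte symmetric key."""
    return hashlib.sha256(pow(peer_pk, sk, P).to_bytes(16, "big")).digest()


def encrypt(key, data):
    """XOR with a hash-derived keystream. Toy: no nonce, no authentication."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


decrypt = encrypt  # XOR keystream is its own inverse


class KeyServer:
    """Honest directory: maps phone numbers to public keys, forwards blobs."""

    def __init__(self):
        self.db = {}

    def register(self, number, pk):
        self.db[number] = pk

    def lookup(self, number):
        return self.db[number]

    def deliver(self, sender, recipient, ct):
        return ct


class MitmKeyServer(KeyServer):
    """Same interface, but every lookup answers with the attacker's key and
    deliver() decrypts, records, and re-encrypts toward the real recipient."""

    def __init__(self):
        super().__init__()
        self.att_sk, self.att_pk = keygen()
        self.intercepted = []

    def lookup(self, number):
        return self.att_pk  # the client has no way to tell this from the real key

    def deliver(self, sender, recipient, ct):
        pt = decrypt(shared_key(self.att_sk, self.db[sender]), ct)
        self.intercepted.append(pt)
        return encrypt(shared_key(self.att_sk, self.db[recipient]), pt)


def exchange(server, msg=b"meet at noon"):
    """Alice sends msg to Bob through `server`. Returns (what Bob decrypts,
    whether an out-of-band fingerprint comparison would have passed)."""
    alice_sk, alice_pk = keygen()
    bob_sk, bob_pk = keygen()
    server.register("+15550001", alice_pk)  # constructed numbers
    server.register("+15550002", bob_pk)

    # Alice encrypts for whatever key the server says is Bob's.
    claimed_bob_pk = server.lookup("+15550002")
    ct = encrypt(shared_key(alice_sk, claimed_bob_pk), msg)
    ct = server.deliver("+15550001", "+15550002", ct)

    # Bob decrypts with whatever key the server says is Alice's.
    claimed_alice_pk = server.lookup("+15550001")
    pt = decrypt(shared_key(bob_sk, claimed_alice_pk), ct)

    # The sneakernet check: each side compares the fingerprint it computed
    # for the peer against the one the peer reads out in person.
    oob_ok = (fingerprint(claimed_bob_pk) == fingerprint(bob_pk)
              and fingerprint(claimed_alice_pk) == fingerprint(alice_pk))
    return pt, oob_ok


if __name__ == "__main__":
    print(exchange(KeyServer()))             # (b'meet at noon', True)
    mitm = MitmKeyServer()
    print(exchange(mitm), mitm.intercepted)  # (b'meet at noon', False) [b'meet at noon']
```

In both runs Bob gets the plaintext, so "they received my message" proves nothing about who holds the key Alice encrypted for; only the fingerprint comparison distinguishes the two servers, which is why a client update that displays a matching fingerprint defeats the check too.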