[vbezhenar]

Until next update will send your keys. Do you disassemble every update? I doubt it. In the end it's all about developer trust, because no popular messaging has thriving multi-client ecosystem after Jabber was abandoned. They all have "official" blessed client and some even fight third-party clients.

Not even talking about server side, things are just grim there.

[hackernudes]

Signal does a far better job than most. They have open source clients. They sign their builds. The android build is reproducible (you can build it yourself and it will match exactly what they publish, see https://github.com/signalapp/Signal-Android/blob/main/reprod...). Presumably some people in the world do it.

Now of course I personally don't check the app shipped to me from the Google Play Store, but at least I could!

It's not that I disagree with your point at all. There are still many places for world powers to compel companies to spy on users (in both hardware and software). Just want to call out that Signal is doing pretty much the best they can.

[palata]

> Until next update will send your keys. Do you disassemble every update?

This is actually a big problem with all the web-based stuff where you re-download your client everytime you use it.

Now for an open source mobile app, you can actually compile it from source without having to disassemble. But of course it's not practical to audit it yourself. However, if the same binary is distributed to millions of people, you only need one of them to see the exploit.

If Signal updated the app to send the key, it would do it for millions of people through the Play Store. That's risky. Unless Signal convinced Google to send a specific binary to a specific user of course, but that's harder.