by profmonocle 444 days ago
Endpoint integrity is also critical. If Apple or Google were compromised, they could silently push an update that replaces the real Signal app with a modified version that forwards everything to an adversary.

Any system where the government doesn't have total control over software deployment will never be viable for handling classified information.

1 comments

Signal on Android is reproducible https://github.com/signalapp/Signal-Android/tree/main/reprod..., so _theoretically_ the play store version could be monitored to detect tampering by Google (or whoever).

That is, if the reproducible build didn't constantly break https://github.com/signalapp/Signal-Android/issues/13565.

It also ignores the fact that the vendor could send updates targeted to specific devices.