by bri3d 4502 days ago
The Whisper Systems people and the community are already discussing this issue, at least for the released Android app:

https://github.com/WhisperSystems/TextSecure/issues/127

For iOS I believe that decrypting the binary and doing an objdump, then comparing the resulting assembly is a reasonable approach to ensuring that two builds do the same thing. Comparing objdump results won't protect against particularly insidious backdoors like those injected through data resources or binary headers, but in tandem with a source audit should give a fairly respectable degree of assurance.

This process would be quite easy to automate.

1 comments
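The comparison described in the post above, as an added example that is not part of the thread or any project's code: it parses two `objdump -d` listings, strips load addresses and raw bytes, masks branch targets, and reports which functions differ. The sample listings are constructed, and the GNU objdump x86-64 AT&T line layout and the names `normalize` and `differing_functions` are assumptions.

```python
import re

# Assumed layout: GNU `objdump -d`, x86-64, AT&T syntax.
FUNC_RE = re.compile(r"^[0-9a-f]+ <(?P<name>[^>]+)>:$")
INSN_RE = re.compile(r"^\s*[0-9a-f]+:\t(?:[0-9a-f]{2} )+\s*\t(?P<insn>.+)$")
TARGET_RE = re.compile(r"\b[0-9a-f]{4,}(?= <)")  # bare hex before "<symbol>"

def normalize(listing):
    """Map function name -> instructions with addresses and raw bytes removed."""
    funcs, current = {}, None
    for line in listing.splitlines():
        m = FUNC_RE.match(line)
        if m:
            current = funcs.setdefault(m.group("name"), [])
            continue
        m = INSN_RE.match(line)
        if m and current is not None:
            insn = m.group("insn").split("#")[0]   # drop objdump's trailing comment
            insn = TARGET_RE.sub("ADDR", insn)     # load address must not matter
            current.append(" ".join(insn.split())) # collapse column padding
    return funcs

def differing_functions(listing_a, listing_b):
    """Names of functions whose normalized code differs or exists in one build only."""
    fa, fb = normalize(listing_a), normalize(listing_b)
    return sorted(n for n in fa.keys() | fb.keys() if fa.get(n) != fb.get(n))

# Constructed sample listings (not taken from any real build).
BUILD_A = (
    "0000000000401000 <check_sig>:\n"
    "  401000:\t55 \tpush   %rbp\n"
    "  401001:\te8 1a 00 00 00 \tcall   401020 <verify>\n"
    "  401006:\t85 c0 \ttest   %eax,%eax\n"
    "  401008:\tc3 \tret\n"
    "0000000000401020 <verify>:\n"
    "  401020:\t31 c0 \txor    %eax,%eax\n"
    "  401022:\tc3 \tret\n"
)
# Same code at a different load address: should compare equal.
RELOCATED = BUILD_A.replace("401", "7f1")
# Relocated build with one instruction in verify() altered.
BUILD_B = RELOCATED.replace("31 c0 \txor    %eax,%eax", "b0 01 \tmov    $0x1,%al")

if __name__ == "__main__":
    print("A vs relocated A:", differing_functions(BUILD_A, RELOCATED))
    print("A vs B:", differing_functions(BUILD_A, BUILD_B))
    # Only disassembled code is compared; data resources and binary headers,
    # which the post notes this approach does not cover, need a separate check.
```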

> For iOS I believe that decrypting the binary and doing an objdump, then comparing the resulting assembly is a reasonable approach to ensuring that two builds do the same thing.

Not a chance.

And if someone is doing this, we are well past "particularly insidious".