Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
If you trust the initial install then unless there is a warning about the signing key you are good. Only signal devs can sign the builds so if you installed the play store version then updated with their standalone apk or fdroid version then it should just work as the signing key is the same.
Guardian project are just publishing signals apk files as the signature matches.
You should consider using Molly, a fork of Signal with Unified Push.
Why
Because, you won't have to guess where to download the app. And you can get a completely FOSS version. And if not using google services, unified Push can help you with notifications.
So Android only, and not in the play store?
I've heard of Molly and read the repo. But I'm unsure how it would be more official and secure than the actual official app.
Love it in theory but when I tried it out a few weeks ago calls weren't working with it. I could still receive calls on desktop but it would never ring on my mobile. So tread carefully.
My signal app tries to update itself. Installed from obtanium. It is a very irritating process, the thing tries to update, there is sometimes weird response times from clicking it (you click the notification and simply do not know if something is happening) and then without notice the thing restarts and then usually it works. But sometimes, the update notification still comes back. Because of that, I just update via obtanium
I had this happen. I clicked the notification many times nothing happened. Then eventually it did. It was odd. I just wanted to make sure everything was still intact.
I have the one installed from the Play Store, and it hasn't done that. It sounds potentially suspect.
Does seem odd doesn't it. How could I verify the app is authentic and no malware or anything has accessed my phone?
There are virus scanners for Android - I have Bitdefender on mine - but I don't know how effective they are. Back in the day they were a bit of a gimmick; I don't know whether they're better now.
I have seen other apps from F-Droid do this. NewPipe, I think, used to prompt me for updates even though I had installed it from F-Droid. But I was always a bit unsure so I tended to just go back to F-Droid to install newer versions. Maybe it's a thing some apps do but I don't know why they should need to and I don't entirely trust it.
I have not had this happen. I just have the Play Store one.
It seems odd. Given recent news about various signal things. I'd rather ask than not.
Not clear on where you installed it from...?
F droid store originally.
Signal isn't on F-Droid out of the box, I don't think, but it is in the Guardian repo and probably in a few others as well. I downloaded the Signal apk directly from their website, and that version does auto update and has for quite some time.
EDIT: if you're worried about it, I suppose you could uninstall it and then download it from them directly (be sure to verify the certificate), after which it will prompt you to update it periodically from the app itself.
Even better, you could think about switching to Matrix.
EDIT EDIT: Although basically I'm just passing on dessalines's recommendation to you, I don't really understand Matrix too well, especially the bridges.
Not native Signal but it happens with Signal forks that I install after adding repository to F-Droid, I have had a notification of a Signal update, even though I'm not using native Signal.
I disable that notification in the phone app settings and wait for an F-Droid notification of an update to install.
So you don't think it's something to be concerned about? I turned off install from unknown sources. App store F-Droid says it's up to date.
I'm completely open to hearing why the Signal update notification is a concern. I don't worry about it but you may know something that I am not seeing.
My Signal auto updates via Obtainium. That is outside of a store. I think I remember the two updates your talking about.
It was 10 days ago for the last update, then the first one was a few days prior to that. Those two were the only two ever to have that happen.
Yes. I remember seeing the notifications. I then went to Obtainium and updated. What I do not know is if these were signal or obtainium notifications. It did seem odd at the time.
I had the same at the same time. I ignored the app request and updated from app store
Phew. OK. Thanks. I'd rather post and ask then be ignorant. Still unsettling.
I had the same "that's weird" reaction too. So not just you, would be good to know if it was kosher or a malware. I might have a dig now
Let me know if you find anything. Follow up. I'll check too.
Ok. So I found on announcements at https://community.signalusers.org/ that Signal added obtainium to the download options (due to google delays on releasing through play store). I also got another update notification from Signal app this morning, which went away once I upgraded to the latest version. Could be related ?
I wonder too. It has to be them pushing the update through the app itself. I got another update notif. Last night. I checked both stores and no updates there. This must be it! Just seemed super odd at first.