Originally I’ve download the signal app through playstore, but often it also get updates from Droid-ify(Fdroid client). Today its weird and I got this . Explain to me this.
On the Droid-ify the signal app is provided by: org.thoughtcrimes.securesms
The package name is correct, but signal was never on F-droid.Do you have a third party repo that might be compromised?
Edit: Package name isn’t correct, so that’s almost definitely a compromised version. Get rid of it ASAP.
To add to that:
Always check the projects’ website to see the official ways it’s distributed, before you just download it from anywhere.
Not applying for signal though, as their apk site is hidden away
Not a fan of that either, that really is unfortunate. But with a bit of common sense, a person should then ask about that, if the Play Store is not an option. It’s still not a reason to download it from a source you haven’t verified to be official
No thats absolutely a reason. Signal is 100% to blame that they have no fully FOSS code repository that could then simply be compiled by FDroid and shipped there.
Instead I have to rely on some Dude I know nothing about, Twinhelix could just as well spread Malware. But I like my updates through FDroid, I like a blob Free Signal
Or just use Molly
deleted by creator
Twinhelix is the only one compiling the app from source without proprietary blobs
And molly.im
org.thoughtcrimes.securesms
It actually might not be, googling
"org.thoughtcrimes.securesms"doesn’t get results.thoughtcrimesvs.thoughtcrime
My question though is how this popped up in droidify, would someone need to manually add some special repo?
I missed that, thanks for pointing it out. The one without S is the correct one.
But that makes me wonder, how did OP not end up with two signal apps then?
Google is actually right here for once. Signal is not offered on F-Droid, and its package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms.
Only official places to download Signal are through the Google Play Store or their website (which self-updates).
You are using a fake app.
It’s a fake copy of Signal
The actual package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms
Also Google officially recommends Signal on the Android website last I checked, so I don’t see why Play Protect would flag it as malware
edit: attach screenshot of package name
edit 2: fix typo in package name (accidentally typed thoughcrime)
Use molly.Im. They have a repository for F-droid.
From which (enabled) repository does the app come. Signal is not on F-Droid or Izzydroid.
“This app tries to spy on your personal data”
Don’t get why Google would care but whatever.
Google is like your big brother. They will beat the shit out of you. But If anyone else tries to beat you they will kick their ass.
They hate the competition.
they obviously want all the data to themselves
I’ll just drop this here
What is the benefit of using this instead of Signal?
You get to convince your peers once more to use a different app.
Uses the signal back end and is cross compatible
Android tablets as linked devices is why I use it. Something Signal seems to refuse to add.
I think this app is pretty bullshit, if you want something secure just use Element… https://element.io/download
Signal isn’t even fully open source, there is an obscured closed source code to check if you are sending spam/scam which probably also allows them to read your messages. They are good coding and making protocols, but they are forced to leak any data to the USA by law and also forced to not say anything about this.
Ah, and Element is officially on F-Droid. No bullshits.
that closed source code part you mention is on the server side… the client and protocols used are fully open source and constantly peer reviewd. signal cant really “leak” your messages to anyone since they are end to end encrypted.
Yup, that’s it.
Explaining myself better, it might be secure as it looks, still I keep the “bullshit” words as Molly comments are mainly that, he didn’t want to upload it on F-Droid claiming it is too unsecure (no auto updates, lack of singing) so he decided to join Google Platform. He didn’t help F-Droid to fix anything, still there are many frontend clients that work pretty good. He just abandoned people outside Google dominion. When he saw many people got infected (as this current post shows) he created that link to download the APK directly (https://signal.org/android/apk/) so people could at least download it from official sources.
About the report of spam, we all used other chats that had already in the group chatbots to manage this “captcha verifications” plus moderators on groups to check on what’s happening. For unknown people talking to you, normally in other platforms you can “reject chat unless he has your phone number in contacts” and things like this.
The source code I was talking, doesn’t seem a big problem as only reported chats are being sent to that external service, I just don’t trust to an app that works with Google.
