Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
I_am_tiberius
on Dec 7, 2023
|
parent
|
context
|
favorite
| on:
Building end-to-end security for Messenger
I thought Signal is open source?
nicce
on Dec 7, 2023
|
next
[–]
Also their builds are fully reproducible on Android.
zaik
on Dec 8, 2023
|
parent
|
next
[–]
Is there a guide how one can check that the PlayStore version matches the source code?
nicce
on Dec 8, 2023
|
root
|
parent
|
next
[–]
Here is one:
https://github.com/signalapp/Signal-Android/tree/main/reprod...
dontlaugh
on Dec 7, 2023
|
prev
|
next
[–]
US spooks can get Apple or Google to deliver altered apps to targets, if nothing else.
viktorcode
on Dec 7, 2023
|
parent
|
next
[–]
Source?
cies
on Dec 7, 2023
|
root
|
parent
|
next
[–]
AppStore and PlayStore are not open source, so you trust the distribution mechanism, is what I think parent wanted to say.
I_am_tiberius
on Dec 7, 2023
|
root
|
parent
|
next
[–]
But you don't need to install them via their store. Also, you can always check the hash code of the binary.
cies
on Dec 7, 2023
|
root
|
parent
|
next
[–]
I'm not sure about that. But true, in that case only the fact that's not open source is still in the way of me giving it my "baseline safe" approval. :)
TiredOfLife
on Dec 7, 2023
|
prev
[–]
It's "source available". They make changes to their server code, run those modified servers for a year or so and then release a source.
contravariant
on Dec 7, 2023
|
parent
[–]
The server code isn't relevant in this case, you want the client code to be secure.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: