Hacker News new | past | comments | ask | show | jobs | submit login

I thought Signal is open source?



Also their builds are fully reproducible on Android.


Is there a guide how one can check that the PlayStore version matches the source code?



US spooks can get Apple or Google to deliver altered apps to targets, if nothing else.


Source?


AppStore and PlayStore are not open source, so you trust the distribution mechanism, is what I think parent wanted to say.


But you don't need to install them via their store. Also, you can always check the hash code of the binary.


I'm not sure about that. But true, in that case only the fact that's not open source is still in the way of me giving it my "baseline safe" approval. :)


It's "source available". They make changes to their server code, run those modified servers for a year or so and then release a source.


The server code isn't relevant in this case, you want the client code to be secure.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: