
One of the reasons I didn't install WhatsApp is the sheer quantity of permissions it wants (on Android).

Yes, I realise that this is part of Android's broken security model.

But the Signal app also wants access to practically everything. Device & App History, Identity, Calendar, Contact, Location, SMS, Phone, Photos/Media/Files, Camera, Microphone, WiFi Connection info and Device ID and call info.

Call me paranoid, but making an app with all those permissions seems kind of the obvious place for backdoors and similar.

If there was a 'light' version of the app which only required access to the internet, then I'd be much more likely to install and use it. (And maybe if I ended up trusting it, then later install add-ons / the full version.)




I'm not associated with Signal or Moxie (though I've been a silent fanboy for ~15 years-- [[hey Moxie if you're reading this and still are hiring, ping me - contact info is in my profile]]), but I'd inherently trust the application more than an average application or company because: a) Moxie has a track history of having a lot of personal integrity with regards to security. Some might say this is blasphemous but I'd put him up there with Bruce Schneier. b) The whole source is available on GitHub; compile the APK and see if it matches. c) It's incredibly easy to take an APK and disassemble it, to see if there are backdoors to begin with if you are really that cynical.

Don't get me wrong, I'm a tinfoil hatter. I use GPG, run my own MTA for anything even remotely important, use DDG over Google, donate to the EFF and use their HTTPS Everywhere plugin, have all of the Ad-Opt outs enabled that Google/Doubleclick/etc make available but try to obscure, etc. I'd be willing to bet that Google is collecting way more information than Signal is.

But hey, that's why rev-eng is so important. A wiser man than me once said "Don't turn it on, take it apart" ;)


> compile the APK and see if it matches
Are deterministic builds possible with the Android toolchain?



Last I looked, no, but the immediate cause of nondeterminism I saw was the zip entry timestamps in the apk. I didn't bother looking further down the chain.
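The zip-timestamp problem mentioned above is easy to demonstrate and to work around on the verification side. The following is an added example, not code from the thread or from the Signal project: it builds two stand-in "APK" archives with constructed entries (not a real APK) that differ only in the build clock, shows that their raw hashes differ, and then compares them in two timestamp-insensitive ways: a digest over sorted entry names and decompressed contents, and a rewrite with a fixed timestamp and sorted entries, which is what reproducible-build tooling does before hashing. All names here (`build_sample_apk`, `content_digest`, `normalize_zip`, `compare_builds`) are this example's own.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for an APK's contents. A real APK carries classes.dex,
# resources and a binary AndroidManifest.xml; any bytes serve for the comparison.
SAMPLE_ENTRIES = [
    ("AndroidManifest.xml", b'<manifest package="org.example.app"/>'),
    ("classes.dex", b"dex\n035\x00" + bytes(range(64))),
    ("res/values/strings.xml", b"<resources/>"),
]


def build_sample_apk(timestamp, entries=SAMPLE_ENTRIES):
    """Write a zip the way two separate builds would: identical entries, but the
    DOS date/time stored on each entry is whatever the build clock said."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            info = zipfile.ZipInfo(name, date_time=timestamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def content_digest(apk_bytes):
    """Digest over sorted entry names and their decompressed contents only.
    Timestamps, entry order and container metadata drop out, so this answers
    'is the same code inside?' rather than 'are the bytes identical?'."""
    h = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in sorted(zf.infolist(), key=lambda i: i.filename):
            data = zf.read(info)
            h.update(info.filename.encode("utf-8") + b"\x00")
            h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()


def normalize_zip(apk_bytes, fixed_time=(1980, 1, 1, 0, 0, 0)):
    """Rewrite the archive with a constant timestamp and sorted entries so that
    two builds of the same inputs become byte-for-byte comparable."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in sorted(src.infolist(), key=lambda i: i.filename):
            clean = zipfile.ZipInfo(info.filename, date_time=fixed_time)
            clean.compress_type = info.compress_type
            clean.external_attr = info.external_attr
            dst.writestr(clean, src.read(info))
    return out.getvalue()


def compare_builds(apk_a, apk_b):
    """Three verdicts: raw bytes equal, contents equal, normalized bytes equal."""
    return {
        "raw_match": sha256_hex(apk_a) == sha256_hex(apk_b),
        "content_match": content_digest(apk_a) == content_digest(apk_b),
        "normalized_match": sha256_hex(normalize_zip(apk_a)) == sha256_hex(normalize_zip(apk_b)),
    }


if __name__ == "__main__":
    first = build_sample_apk((2015, 10, 26, 12, 0, 0))
    second = build_sample_apk((2015, 10, 27, 9, 30, 0))
    print(compare_builds(first, second))
```

When comparing a local build against a signed release from the store, the `META-INF/` signature entries will differ unless you hold the same signing key, so skip that directory before digesting; a content mismatch in `classes.dex` or `resources.arsc` after timestamps are removed is the signal that something further down the toolchain is nondeterministic (or that the shipped code differs from the published source).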


> I'd be willing to bet that Google is collecting way more information than Signal is.

I don't understand this sentence. It's quite obvious that Google is collecting way more information than Signal and almost anyone else. I'm curious, what did you mean?


I suppose he refers to information collected with the Signal app alone. The thing is that all information that is sent via Google is encrypted, so it's not of much use. I only wonder how the connection between two clients is set up, and if Google gets to know which Google user talks to which other Google user.


In terms of privacy tools, I work for a company that makes one aimed for the general internet user (i.e. someone who doesn't know what DNS is). Do you have any comments on our extension? https://redmorph.com

We aimed to put adblock/ublock/donottrack all in one extension and coupled it with vpn and proxy paid services.


If you weren't located in the US (or FIVEEYES) in any way, I'd use you in a heartbeat, and recommend all my friends.


This issue is intrinsic to the security model of Android before Marshmallow.

If an app is going to be able to send a contact, share a location, make a phone call ... all these permissions need to be demanded upfront, which I understand can be scary.

You also need to keep in mind that nobody is going to use "secure messaging" if it's a pain to use. You obviously don't want to be copy pasting contact information in the app for instance.

I'm glad to see that Android is following iOS's permission model where permissions are only asked at run time.


It's exactly why marshmallow is changing the permissions model. All of those permissions are necessary if you want an app that:

* can show a contact's name on a message they sent you
* can save public keys and access them
* can send/receive messages with multimedia
* can uniquely identify your device and you as a user (to generate your private key with unique primitives)

Off the top of my head I don't know why it asks for calendar permission, but we could inspect the source...

The point is, if you're trying to make a mass market app, you have to offer competitive features... And that requires a lot of permissions.


No idea about device history. Identity to know your number. Contacts for contact discovery (using a privacy protecting protocol). Location for location sharing. SMS because you can send SMS with it. Phone because it can call from it. Media and camera because you can share media. Microphone for calls. WiFi connection for a bit more stable connectivity. Etc...


They want, and are getting, normal users to install the app.

For instance:

https://twitter.com/mattblaze/status/658673892685447168

Access to the microphone is sort of justified for a voice app, quite a bit of the others are needed for "full featured" messaging.


In Android Marshmallow you can deny / disable any of those permissions. And apps compatible with API Level 23 won't ask for those permissions from the start.


>Yes, I realise that this is part of Android's broken security model.

Well, with Marshmallow, they have no excuse. The permission model is now very similar to iOS's one and any app can start with 0 critical permissions (basically anything related to personal info) and ask the permissions at runtime.

For either Android or iOS, you still have to trust that an app won't abuse the permissions you give it though.
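The posts above turn on which of the requested permissions fall into the groups Android 6.0 treats as "dangerous" (runtime-grantable) and whether the app targets API 23, since an app that targets an older level still gets its whole list granted at install time on Marshmallow. The following is an added example, not code from the thread or from the Signal project: a small audit of a decoded `AndroidManifest.xml` that reports the target SDK, whether runtime prompts apply, and the requested permissions bucketed by Marshmallow's dangerous-permission groups. The manifest is a constructed one for a hypothetical messenger, not Signal's; the function name `audit_manifest` is this example's own. A manifest inside a shipped APK is binary XML and has to be decoded first (apktool does this); the parser below expects the decoded text form.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permission groups Android 6.0 classifies as "dangerous": on an API 23+ device,
# an app that itself targets API 23+ must ask for these at runtime, and the user
# can revoke them individually in Settings regardless of target level.
DANGEROUS_GROUPS = {
    "CALENDAR": {"READ_CALENDAR", "WRITE_CALENDAR"},
    "CAMERA": {"CAMERA"},
    "CONTACTS": {"READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS"},
    "LOCATION": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "MICROPHONE": {"RECORD_AUDIO"},
    "PHONE": {"READ_PHONE_STATE", "CALL_PHONE", "READ_CALL_LOG", "WRITE_CALL_LOG",
              "ADD_VOICEMAIL", "USE_SIP", "PROCESS_OUTGOING_CALLS"},
    "SENSORS": {"BODY_SENSORS"},
    "SMS": {"SEND_SMS", "RECEIVE_SMS", "READ_SMS", "RECEIVE_WAP_PUSH", "RECEIVE_MMS"},
    "STORAGE": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
}
PERMISSION_TO_GROUP = {
    "android.permission." + perm: group
    for group, perms in DANGEROUS_GROUPS.items()
    for perm in perms
}

# Constructed manifest for a hypothetical messenger (not any real app's manifest).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.messenger">
    <uses-sdk android:minSdkVersion="9" android:targetSdkVersion="22"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_CALENDAR"/>
</manifest>
"""


def audit_manifest(manifest_xml):
    """Summarize a decoded manifest: target SDK, whether Marshmallow will prompt
    at runtime, and requested permissions grouped by dangerous-permission group."""
    root = ET.fromstring(manifest_xml)
    android = "{%s}" % ANDROID_NS          # ElementTree keys attributes as {uri}local
    target = 1
    sdk = root.find("uses-sdk")
    if sdk is not None:
        # targetSdkVersion defaults to minSdkVersion when absent.
        target = int(sdk.get(android + "targetSdkVersion")
                     or sdk.get(android + "minSdkVersion") or 1)
    dangerous = {}
    other = []
    for elem in root.findall("uses-permission"):
        name = elem.get(android + "name")
        group = PERMISSION_TO_GROUP.get(name)
        if group:
            dangerous.setdefault(group, []).append(name)
        else:
            other.append(name)
    return {
        "package": root.get("package"),
        "target_sdk": target,
        "runtime_prompts_on_marshmallow": target >= 23,
        "dangerous_groups": dangerous,
        "other_permissions": other,
    }


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report["package"], "targets API", report["target_sdk"])
    print("runtime prompts:", report["runtime_prompts_on_marshmallow"])
    for group, perms in sorted(report["dangerous_groups"].items()):
        print(" ", group, "->", ", ".join(p.rsplit(".", 1)[-1] for p in perms))
```

Normal-level permissions such as `INTERNET` land in `other_permissions`; they are granted silently on every Android version, which is why the store listing never warns about network access even though it is the one permission every messenger needs.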


I just installed Signal, and the list of permissions is endless!


Regarding the excessive amount of required permissions, and the fact that contact == phone number, for now I am preferring ChatSecure.



