Hacker News new | comments | show | ask | jobs | submit login
Signal can now be used without Google Play Services (github.com)
469 points by marco1 on Feb 20, 2017 | hide | past | web | favorite | 164 comments



This is great news. Is there sufficient interest in making a secure dumb phone ? If it's cheap enough, I think some people may be interested. The rough design for the phone can be something like this: It should not be a real phone. i.e., No baseband or actual cellular connection. It should work only over wifi (ath9k maybe?), and have provisions for always-on TOR/VPN. The rest of the hardware and software can be derived as some combination of Neo900, Replicant and copperheadOS


Next problem: Signal will not work without a phone number...

I'd vote for https://riot.im/ instead.


Does matrix even support end-to-end encryption? Last I checked it didn't have /any/, except maybe server-to-server and even that wasn't enabled.

I also seem to remember going over their homebrewed cryptographic rachet and it didn't properly HMAC.

EDIT: Apparently riot.im supports E2E, but it's not a part of the Matrix protocol and it's not encrypted by default. The Olm rachet was also audited by NCC, so that's nice.


E2E /is/ part of the Matrix protocol - it's just still in beta. The spec PRs haven't landed yet (http://matrix.org/speculator/spec/drafts%252Fe2e/client_serv...). Once out of beta it'll be turned on everywhere by default.


They have e2e on all devices now.


But still no way to enforce or enable as default.


I said this several times but will repeat it here again.

I would love a Ricochet/Rio+Signal+Burner combo.


But none of those are fun to use, let's throw telegram/slack into the mix!

Wire is doing a pretty good job of making a fun to use chat interface, but it has its own problems in privacy and speed.


Couldn't the phone somehow "pretend" to have a phone number?


I think it needs the phone number for verification. The phone number is the identity in Signal (and a lot of other apps these days).


I use Twilio when I need to verify phone numbers for stupid apps. Mainly because a great deal of the time don't actually carry a phone around (especially if I am carrying something more computationally powerful than a phone). And I can verify my Twilio phone numbers from anywhere in any country.

Can't we kill phones already, please? Identify people by e-mail addresses, which are easier to remember and not tied to countries.


> ... The phone number is the identity in Signal (and a lot of other apps these days).

Which to me is an incredibly dumb idea since it leaves out WiFi only terminals such as el cheapo tablets but also small embedded boards etc. I know some of these messaging apps can be used on WiFi only devices, but never in an immediate way and I believe you can't use them at the same time, which is very dumb. This also kills any IoT use for instance, where you could make N copies of a Linux image that boots a node, connects through the same user and sends the data available to its IO pins, or accepts commands to drive them in order to turn on or off other appliances.


Signal only works on phones and chrome desktop right now. So other devices are anyway out of question. Their goal has always been secure messaging for the masses, and not necessarily secure messaging for everyone and everything under the sun. I think it's a fair trade-off if it helps them get the user base by keeping it simple and similar to WhatsApp. Even in its current form, it's incredible difficult to get people to use it. It would be much worse if it were any more complex UI-wise.


Yes, chat needs to not be just basic texting or no one will use it.

iOS users get iMessage which is great, but there's no cross platform version.

Telegram + Encrypted by default and in groups would be best, but they have some (invalid) reason for keeping it unencrypted.


There's a lot of features Telegram offers that can't be used with e2e encryption. Stuff like link previews and many bot functionalities are things that come to mind that my group uses very frequently.


I'm sure they would not mind a whatsapp like buyout offer, at least as an option. That, and secure messaging for the masses.


Verification of what, to whom/what?

If you're using WiFi, there's no "phone" anything involved.

Or at least, I don't get why there would need to be.


It's not a technical limitation, just a design decision. Everyone on Signal's network is known by their phone numbers. You cannot pick a username, as such. The phone number is the username.


I really don't get the point of that.

I mean, sure one can get more-or-less anonymous phone numbers. But why create the need for that?

There are things like keys for verification :)


> I really don't get the point of that

To prevent spam and promote discovery. Finding someone on WhatsApp or Signal is easier than on WeChat as with the latter someone might be using a screen name, or an email address or a phone number.


Discovery and preventing spam should not take precedence over privacy for an app that supposedly has privacy as its number one priority.


Privacy isn't signal's one priority.

Good enough privacy for the masses is.

They are always making these tradeoffs, and always make the same decisions. Perfect privacy in every situation isn't the goal. The goal is better privacy than the average person currently has, while still maintaining a level of convenience that the average user well accept.


That's what google and Facebook say.


Indeed. So one must conclude that privacy isn't the top priority.


Why is it is easier to find someone when you can only use one identifier to find them, instead of several? Note that WeChat also uses phone numbers to limit spam, so you can find anyone if you know their number. (But exchanging QR codes is the preferred method of sharing contact information, to the point where I couldn't call most of my contacts except through WeChat.)


> To prevent spam

I suspected that, but have they openly said it? I suspect it's also to deter criminal activity.


Wow that's an amazingly stupid and short sighted decision. Why would they tie their app to a legacy numbering system which doesn't even serve to accurately identify people?


So that they do not have to worry about that. It's a pretty smart decision to offload the issue of unique IDs to an existing infrastructure.

I really do not like it either too though.


... Same reason WhatsApp got so many users and became worth billions? It's simple, straightforward, and just works for most people.


Your messages still go through OWS servers. I believe signal routes messages via phone #.

Signal client is open source though, so maybe this is easy to work around.


OWS has specifically said they won't accept federation...


I was more suggesting a separate centralized service that doesn't use phone #s, but true that you still wouldn't be able to use it with standard Signal users.


You can use Signal with a VOIP number. Do the one-time registration and that's it. Or you can get yourself an anonymous disposable SIM (unless illegal in your country), register the number and keep hold of the SIM if you need to re-register the number in the future.


I was previously working on an epaper phone project. A minimalist/modern feature phone. Anyway, the company pivoted and has agreed I can open source the hardware.

I decided to ditch GSM and just use wifi. I have been thinking it could be a good platform for encrypted messaging using Matrix/Riot. Unfortunately I am not a software developer. If anyone is interested in helping out, let me know.

[1] https://github.com/junglejim8/epaper


Your cabin project is interesting! Any updates? How's it going?

http://woodstead.org/build.html


Thanks, it is really enjoyable. Hiking right outside my door and exceptionally low expenses. I am planning a v2 soon that can be built more easily(no excavator), be significantly larger(my current cabin doesn't have an indoor bathroom), and still be low cost.

Its amazing to learn about 500 yr old buildings in Germany and England using low cost, simple techniques. I hope more people might realize that this is a lifestyle option.


haha. that's an awesome cabin! :) never thought I would end up reading about your cabin project when I clicked on the link about Signal :D

good luck for v2. Hope to read about it on your page.


This looks cool. Thanks for linking! What epaper hardware are you using?


Sharp memory LCD. It uses a simple SPI interface, can refresh at about 30fps, but has no greyscale unfortunately.


30 fps is pretty good for an eInk screen, and UI design for a two-tone black or white screen seems like a really interesting challenge.

Maybe I should build one of these...


Ill be doing a small run of prototypes in about a month. Could assemble one for you if you want to hack on it.


I'd buy that. I'd go further and say a dumb phone that doesn't allow complex apps would be fine with me too. It has built in apps for a set of open protocols like the web, email, matrix/irc, vcard, ical etc. Updates these apps, but that's all you get. Pushing security on top of the Android ecosystem seems like a lost cause and building something with app ecosystem parity is a pipe dream it seems.


Funny, for me, web, email, chat, calendar, etc. are all superfluous distracting noise. The one thing that keeps me on a smartphone is Google Maps.

I have a Garmin for the car, but their public transit directions are difficult to replace.


If you can get transit to release data in a standard protocol, then I think that'd be fine. I would just be afraid of closed devices needing access to closed protocols and APIs. There be dragons.

Maybe something like nixOS where the phone's state is the result of a pure derivation. No installing or configuring anything except through a privileged ssh after decryption. Then boot and go again.

Only automatically updating is possible from the device proper, rollback on failure.


> If you can get transit to release data in a standard protocol, then I think that'd be fine.

They do; it's called GTFS. It tends to need a lot of cleaning and manual in-person verification, which is expensive.


You might be interested in this? No fluff, but does have maps and sync services. http://siempo.co


I've been tossing around a design for a "dumbphone" that only has "extensions" rather than apps. You can define feeds of information for it, such as bus schedules, email, and tweets, but that's it. If I can get my soldering up to snuff I may just try to build it.


Maybe start with one of these...

https://hackaday.io/project/19035-zerophone-a-raspberry-pi-s...

https://openalia.wordpress.com/2012/06/09/diy-totally-open-s...

...then start deleting code out of it, hardening it, and using memory-safe apps. A nice step on the way to a truly, dumb phone that might take a lot of custom work.


I have been using F-Droid instead of Play Store. There is some control atleast. Only if Uber made an open-source app :(


> It should not be a real phone. i.e., No baseband or actual cellular connection

That's going to severely limit the usability of the device. If you want to make a device for practical security, you'd need to find a way to isolate the mobile network chip. IIRC, better USB 4G dongles are standalone and expose expose either serial interface for PPP or an USB ethernet device, so the attack surface is limited.

If you build the phone around the chip from one of these, and make sure all data is VPN'd (and voice is VOIP'd), I think you should be able to contain cellular/baseband related attacks (to be clear, the baseband is still vulnerable, but won't be able to make the jump in the phone proper, and will only be able to see an encrypted data flow).


If I recall a true secure phone is difficult. According to a infosec presentation I saw. The problem is the mobile chipsets that are closed making auditing difficult. Most diy mobiles use these chipsets.

Further the chips are able to run mini applications and these can be pushed by service providers with no real way preventing it from the OS level.


Most of the insecurity stems from the baseband. It's a black box processor with unfettered control. Once you get rid of that, the rest of the hardware is more like a general computer. Getting PCs to work with an entirely free stack is also hard, but tractable. Replicant already does a good job with some old phones.


Why not an iPod?



> t should not be a real phone. i.e., No baseband or actual cellular connection.

Couldn't you use a small tablet?


yes, to the extent that you trust the OS and other firmware/drivers/blobs running on the device.


We need FOSS handheld devices.


There is Replicant: http://www.replicant.us/


absolutely yes !!!


I've recently been attempting to gradually liberate my data from reliance on Google's services, not just for being more privacy conscious but by a means of exploring new services offered by other companies/developers and to decentralise my data. I've started this process by installing Lineage OS on my OPX device and selected the bare-minimum of Google Services - Google Play Store/Services.

From what I've done so far I imagine it's quite difficult to remove dependency on Google Play Services and I've been wondering, which alternatives exist and what's the rationale behind completely removing dependence on Google Play Services? With Lineage OS I've been able to restrict most permissions besides storage so is there any need to remove it?


There is no need for any Google software. Just install lineageOS, then install f-droid and from f-droid install Yalp Store. From Yalp you can install any app from Google Play, should you want to.


While this would be a perfect solution, there is one caveat:

Most apps (e.g Signal until today) rely on Google Cloud Messaging (GCM) service for push-notifications. Without GCM, many apps simply crash.


More people should know about Yalp! Awesome.


Just note that Yalp is storing the username and password you give it server side.


They have an experimental option to login without giving your credentials; I just tried it minutes ago.


I just looked through the source code real quick, and while I may have missed something it seems to be storing the credentials client side, not server side. Unless you mean on Google's servers, then yeah.


I just wish I had a device that was supported, having major issues with cyagenomod, had to flash stock and it's driving me crazy.

Cyagenomod with no google apps/services at all makes me feel much better though. I may have to get a new device just for lineage.


I'm a long-time F-Droid user, but I hadn't heard of Yalp Store that I can remember; thanks for the reference!


To be fair I don't think it has been available that long in f-droid.

My previous hack was two phones. One clean and one with Google Play. Both with f-droid as f-droid has this wonderful feature of copying one apk to another over WiFi.

Sorta like a private repo.


Yea, I didn't mention it, but I checked when it had been added; it was 2016-12-30.


> Just install lineageOS

Except many many phones are NOT supported by LineageOS.


That is the reason I do my due diligence regarding the personal requirements (quirks) that I have.

And then I buy a phone that _does_ support rooting and other ROMs.


> I've been wondering, which alternatives exist

https://f-droid.org/


check out the microG project: https://github.com/microg

it provides a location service that works without google and they re-built the play services and maps API, so you don't have to have any google apps installed at all. for those apps that actually need to talk to google servers, there's an option for that.


Have you had any experience setting up an Android device to use microG? Their installation instructions on Github make it seem like a huge hassle. (e.g. You need a custom ROM that supports app impersonation, which is usually prohibited on security/privacy conscious distributions.)


yes. in short, it didn't work for me. either your ROM supports that out of the box (mine didn't), or you install xposed (should be rather simple with their installer, but didn't work for me, likely because my five year old device isn't supported), or you patch your ROM manually to enable "app impersonation" (signature spoofing), that didn't work for me either.

but the xposed route should be simple, provided you have root access.


I still like Matrix' federated first approach to the server over Signal's, but this is a welcome change. Now we just need an F-droid build (official repo or built by the F-droid team).



They're pretty critical of XMPP but aren't there direct counter examples to it, like Conversations https://conversations.im for one.


Conversations is the only counter example and only came into the scene fairly recently. Before, XMPP on Android (my OS) was not fun and battery draining.


Fortunately, as the code is under a free license, F-Droid or anyone else can ship their own builds no matter what Open Whisper Systems prefer.


But their users won't be able to talk to signal users. It is hard enough trying to persuade people to use signal. Getting critical mass for a fork would be even more difficult.


But there's a catch: They may not name it "Signal", probably.


Firefox does the same thing, and I can see the reasoning behind it.


I honestly don't see Signal and Matrix as competitors. I guess Signal is trying to position themselves as a chat service, but I see it more as a replacement for SMS, whereas Matrix I see as more replacing IRC and instant messenger products.

If we had to choose between them, I'd take Matrix in a heartbeat, but I just let them co-exist.


WhisperSystems doomed Signal as an SMS replacement when they dropped encrypted SMS support. Now it's just another instant messenger. Big whoop, I had OTR encryption a decade ago (with more contacts, too - it's a lot easier to say to a friend "install this OTR plugin" than "switch to this IM network/app"). I use SilenceIM.


I only use it as an SMS replacement.

Really, as long as you have mobile data, there's no difference between supporting SMS encryption and not - you can only talk encrypted to other Signal users anyway, and other Signal users will get your non-SMS-routed encrypted message just fine.

The use case for Signal-encrypted-SMS is continuing to send encrypted while you have no IP connectivity, but thankfully that is becoming a rarer corner-case. The last time I had SMS but no IP was on a cruise ship.


Happens all the time for me. Pretty much anywhere in the US, I'd bet there's a spot within 50 miles where all you have is cell coverage.


Ahh, I was not aware of that, in light of that it seems like dropping encrypted SMS support was premature. (Here I don't think there's any places with non-data coverage, though there is now some of the opposite - places with no circuit-switched voice coverage, voice there is only through VoLTE).


Also note that as it stands encrypted SMS is technically superior. This is Moxie's comment on GCM-free Signal:

> I expect it to have high battery consumption and an unreliable user experience, but would be fine with it if it comes with a warning and only runs in the absence of play services

You don't get high battery consumption, or unreliable user experience, or a requirement for Play Services with pure SMS encryption.

SMS encryption is actually quite a tricksy problem. TextSecure's entire purpose (over bog standard IM OTR) was to solve it, providing individual message-level forward secrecy. This is why it's so perplexing to me that they dropped it (I understand that part of the reason is that iOS simply does not allow it)

https://whispersystems.org/blog/advanced-ratcheting/


The problem with federated approach is that it leaks metadata. When you take centralized system apart and expose internal communications to the Internet, you reduce anonymity. Extreme case is when everyone uses his own homeserver and information on who calls who and when is completely exposed.

It is not enough to make the system distributed, you need to exploit the fact that different parts of the network are controlled by different parties to build self-enforcing protocols that ensure anonymity.

For comparison, see how bitcoin is just distributed and zerocoin is anonymous. Gnutella is just distributed and FreeNet is anonymous.


That's not the only problem, or the most important problem. The most important problem of federation is that it generates lowest-common-denominator security. For instance:

https://whispersystems.org/blog/giphy-experiment/

This is how Signal provides Giphy search (spoiler: they tunnel a TLS connection through their own server, with TLS negotiated end-to-end from the Signal app to the Giphy server, so that Giphy can't tell what client is searching for what GIF while at the same time Signal's server's can't see what people are searching for).

Does anyone believe that in a world where 90% of Signal-network client installs weren't Signal.app, that this is how features like this would work? It's not an unknowable question. All you have to do is look and see how Signal's competitors, like Wire, tackle this problem.

It's true that in a federated Signal-network, you might get clients that have security features Signal itself lacks. But because it's far easier to produce an insecure client than a secure one, insecurity will dominate, and be a boat anchor around any efforts to improve security down the road.

Call it "the libpurple problem".


All true, but I think the situation looks a little worse for centralization if instead of 'security features', you think in terms of 'vulnerabilities' (almost but not quite an antonym). Signal probably has a lower vulnerability rate than competing software, but if someone finds an implementation bug, it can be used against every user on the network. Compare to, say, IRC, where there are a lot of really poorly written clients, but the sheer number of clients in use would limit the fallout of any one exploit.

Likewise, Open Whisper Systems is pretty trustworthy, but if someone gets access to their servers, either by hacking or by coercion, and starts, say, logging metadata (who's chatting with who), all Signal users are compromised. When I chat on a private (and SSL-only) IRC server, the security guarantees are awful compared to Signal - and I'm not saying that's not a problem - but at least I know that my conversations will only be compromised if someone really has it out for my group in particular; they won't show up in some massive leak and/or government database.

This also applies to binary distribution. When software is compiled by N different distros or package managers or by users directly, that does make it hard to get security updates out in a timely manner. But with a centralized system like Signal's, if the binaries are compromised, everyone is pwned. Yes, measures like reproducible builds can reduce the risk, but they're far from perfect. Is there even anyone who verifies Signal builds on a regular basis/automatically?


> Gnutella is just distributed and FreeNet is anonymous.

That's a dangerous meme to be spreading. FreeNet is not anonymous. Peers know your IP address. And malicious peers can learn what chunks your node is handling. Sure, there's "plausible deniability". And common probabilistic attribution arguments are bogus. But that's cold comfort after the SWAT team has impounded all of your gear.


> And malicious peers can learn what chunks your node is handling.

They can't however tell if you are serving them or if you cached them due to their requests.


That's true. But it's a long way from "anonymous".


It seems like short messages are a perfect case for onion routing (not The Onion Router, but the general idea of onion routing).


Signal leaks more metadata.

All the metadata of Signal is available in one single system, transmitted across the globe into a foreign, and hostile country.

In fact, we have to assume every bit that ever goes through the US is logged and stored by the NSA, and that makes Signal entirely untrustworthy.


You might check out Conversations too (https://conversations.im/), it's a federated XMPP (with some really clever extensions) based approach that uses the signal protocol.


Yes it is:

https://github.com/WhisperSystems/Signal-Server

It's sure become fashionable to hate on Signal/OWS. The price of actually successfully bringing good encryption mainstream?

Edit: The comment I replied to originally included a question on whether Signals server is even open source.


Signal is not mainstream. And you can't verify that Whatsapp/Allo have implemented the whisper protocol the way they claim to. We are being asked to "just trust them".


I have had success with getting lots of people on it. And the key selling point that it is no more difficult than WhatsApp makes that possible.

And that "no more" is really important. "Just slightly more" won't do. Especially not if it's "slightly more to someone who frequents HN". Because that's likely already prohibitive to most.

Take a person that just barely knows how to operate the play store. I can instruct that person over phone how to start chatting with me securely in a minute or two:

Go to the play store, download signal, open signal, I'm already there in your contact list. Write me a message. Done.

That's an amazing achievement. The much maligned fact that phone numbers are used as identifiers is key to that experience, too, because my phone number already is on that persons phone.

And yeah, I can't verify Whatsapp, but I still trust that Moxie et.al. have checked their implementation. Still that's why I push people to switch to Signal rather than stay on WhatsApp. Doubly so as WhatsApp belongs to Facebook now (I loved their original 1 Dollar a year business model, and if they still had that I would trust them a lot more).

Even with doubts about Facebook, it almost certainly is a massive win that WhatsApp implemented this. It makes WhatsApp immune to being subpoenaed for conversations, and thus they have a clear motive to implement it properly, too.


Signal is mainstream enough to have been used by the Clinton campaign in 2016 for internal communication. That's pretty mainstream.


A presidential candidate (and team) of one of the more powerfull countries in the world using Signal is not "mainstream". It's "due diligence".


> The comment I replied to originally included a question on whether Signals server is even open source.

Sorry about that, I had looked it up just a second after I posted and then removed that line.

> hate on Signal/OWS

I don't mean to hate on them, just their stance on getting away from Google, using F-Droid, federating their service and many other things has been more than a bit of a mess or disappointment. I'm glad they finally made a step in the right direction and I hope this will continue.


The thing is, they gave good reasons on all these points. It's certainly valid to disagree with the trade offs, but people don't acknowledge that there are trade offs at all.

As I said in another reply, I can get a completely non-technical user to start using Signal with me in a minute, and have them have an experience that is as accessible as WhatsApp. That's simply not true for any of the other options I'm aware of (and it relates directly to most of the points you raise, with the notable exception of F-Droid. There I also find their reasoning weakest).


You can host a server, but you can't talk with people on the official Signal server or any other Signal server, as far as I am aware. This is not federated, just allowing of other isolated centralized clusters.


The Signal server software has federation support. It's not enabled (anymore) on the official server but anyone could set up a server and federate with other federation enabled Signal servers.


I really like XMPP and use it with conversations.im every day. I even have my own XMPP server for friends and family, but it feels as if only very few developers spend time on modern clients. XMPP with its extensions is pretty mature and works great (if properly implemented). Sadly there very few up to date clients. Conversations.im seems to be the exception here. It is very stable, mature and energy efficient, but still lacking audio and video support.

I wish there would be more devs building modern clients for XMPP instead of building the 100th communication system.


I use it, but feel like XMPP is dated and complicated. All the extensions and whatnot are awkward to get setup and you can't make assumptions about how well they're implemented or built on the server you're on or communicating with. I intend to move to matrix/riot when it gets more stable. Things like video are second class citizens on XMPP too and the desktop apps are painful in my experience.


I definitely wouldn't suggest it for video, but I've never had an interest in video conferencing in general. Extensions are pretty straight forward in my experience - either your server supports them or it doesn't, but most of the time they only impact client-to-server in this case rather than server-to-server.


What does this mean for an official Fdroid option?


Requiring Google Play Services is not the main reason Signal hasn't been on F-Droid; you can read Moxie's thoughts on the subject in these comments (and in other places):

https://github.com/WhisperSystems/Signal-Android/issues/127#...

https://github.com/WhisperSystems/Signal-Android/issues/281#...


While google play certainly helps with these issues, I currently have both whatsapp and firefox installed from their respective websites by downloading the APK directly. WhatsApp is happy to notify me when there's an update, and it's one click to download and install. Firefox downloads the update automatically, and again, it's one tap to start the install. Mozilla crash reporter runs when it needs to, etc.

So while google play gives you these features "for free," it's not impossible at all to have them without. Only unattended upgrades requires special access, and to be honest personally I never want things modifying what's installed without asking.


The thing is, you know what you're doing. He makes a fair point in that his target audience is people who don't know what they're doing, which is inevitably going to lead to people downloading "brand new updates" that are full of malware, or worse, backdoored.


Some of these are solved by setting up their own repo (though you can't force users to update in F-droid). Some of the tracking things can be handled, I believe, if they were built out and opt-in.

https://f-droid.org/wiki/page/Setup_an_FDroid_App_Repo


Moxie choose the wrong license for signal, it doesn't reflect his intent.


If I really wanted a phone that was clean, It would probably not be attached to a google account. This is where signal would really shine anyway.


Taking this long to shake officially somewhat free of the the Play Store horror is one thing which tells me to stay clear of Signal.

Not that it matters. The phone number thing was a dealbreaker from the beginning.


Very welcome news.

I discovered after doing a clean flash recently that the ability to have Google Play Services on the phone but disabled, became unavailable. I used to use it exclusively for Signal - it meant no push notifications, but I could still foreground the app for it to check for messages.

I was disappointed that I could not install Signal again, even though my phone number was registered, without Google Play.

I was preparing to walk the microG services (or similar) path, but now I don't have to.


I don't feel like wading through a diff to find out so could someone explain what they changed? How are they handling notifications and what impact might this have on battery life?


Won't this just drain the battery very quickly?


Sure it will. But there isn't so much they can do about it. Google could.

Still, people asked for an option to use Signal without Play Services, and here it is. Even if it will drain their battery a lot faster. Moxie actually said this beforehand:

> I expect it to have high battery consumption and an unreliable user experience

source: https://news.ycombinator.com/item?id=12883410


> I expect it to have high battery consumption and an unreliable user experience, but would be fine with it if it comes with a warning and only runs in the absence of play services.

So for those who are still running on devices with Play Services, it will still use GCM, and hence won't be a drain on the battery?


> So for those who are still running on devices with Play Services, it will still use GCM, and hence won't be a drain on the battery?

Correct


My phone is way more battery light since getting off Google Services completely. Conversations uses a similar solution, I think, and I have way more battery at the end of the day than when my phone was stock Google Android.


Yes. But everything is tradeoffs. Some people are apparently ok with less battery life instead of Google Play Services. Its been a very big critique of Signal for I long time.

Personally, I think it is a pretty poor critique but this allows people to make that choice for themselves, which for some people is important.


Conversations works fine without draining the battery so I don't see why Signal should.


I've been running WhatsApp without google play for quite some time now, and I haven't noticed any battery drain. The only downside is when Android occasionally will kill WhatsApp to save on RAM or something, and I don't get any new messages until I open the app.

Though to be fair, every android phone I've used seems to have a problem with occasionally "forgetting" to get messages until I check for some reason or another.


I've always found Google Play Services was the #1 battery drain on my S7, 15-20% each day even on a brand new/stock build.


I'm not too familiar with Android, but wouldn't it be possible to set up a timer and periodically check for new messages and such?


Is that because of not depending on GCM/FCM? Just curious how you were able to deduce that?


Why?


Finally, all the 10 people who were waiting for this can use Signal.


Google Play Services was a hard dependency. People complained about it all the time and asked to remove it. Now they have finally done what users have asked for, and what is the reaction? "Who the heck needs this?" Well, that's how it always is.


Both your comment and the parent comment can be valid at the same time.


No doubt, but this is not about facts (I'm even sure they're both true at the same time!) -- this is about attitude.


Why would it be surprising to you that two different sets of people have two different attitudes?


The problem is, only the people who want something ask you about it. No-one's emailing to say "hey the Google Play integration is great - don't remove it!"

Then after you do what the people emailing you wanted, all the people who were silent chime in. "Wait a minute, why were you spending your time on that? None of us wanted it!"

That's why it always feels like marco1 described.


Few people use phones without Google Play Services.

Because of that, it doesn't make sense for application developers to support the use case.

Because of that, lots of applications don't work without Google Play Services.

Because of that, few people use phones without Google Play Services.

(And then people complain about the lack of open Android alternatives, or that other OSs such as Sailfish do not take off despite doing crazy things to support Android applications.)


After all these years I have never installed google services or used anything related to it. On SailfishOS I use f-droid and aptoide and some random apks from the web after using some weird websites that I'm pretty sure probably did bad things because they just go and supposedly get the apks from play store but I have no idea what they really do.

All the applications I try and that require stuff from google they just crash randomly or at some specific options. I just uninstall them or try to be very careful for them not to crash. It's horrible experience and it's not something so hard to prepare for. Some apolications handle it showing that an action can't be done and I'm ok with it, that's simple, but crashing because the services are not installed is just plain ridiculous, lazy and bad engeneering.

Once upon a time slack just worked fine, just didn't auto refreshed updates, then on one update it started crashing and currently since a while ago an annoying message appears everytime I focus/open the apllication saying that I don't have the play services despite the application working completly fine. The proper thing to do would just to be a messsge saying something like: " the app requires google services, the quality of the experience will be reduced and actions FOO and BAR will not work. options: continue anyway, exit and continue and remeber that option" in order for it to be persintent and stop being annoying. Not that hard.

I just endup not using a bunch of applications that I would like to. Apps that use maps or or try to get location will usually just crash. I never even installed Uber or tried it because I'm pretty sure it will just not work, so I didn't even try it.

microG is the best thing I could hope for, but I really tried to use it but was not able too. It requires something about signing or whatever that just didn't work after I tried a lot doing things with Xposed or what it was called. Even getting to a point where that almost worked was crazy.

I'm pretty sure the experience will be pretty similar in any other alternative OS that has to deal with this crazy environment.

And I will never get a "real" android where that thing will come installed, I refuse to. I was thinking of changing phones to some android based thing, but the support of hardware is very limited, so I'm pretty stuck. Waiting for any newer Jolla phone or any other alternative phone/OS that works.


You can actually install Google Play Services on Sailfish and it's easy to do, but not officially supported obviously.


The actual Google Play Services or microG? Last time I checked the solution was microG but it requires you to root your phone, which on Sailfish basically means you don't care about security at all.


The actual Google Play Services: https://together.jolla.com/question/30926/howto-install-goog...

It's basically just installing the APK, although there are a few more steps than I thought I remembered.


True, but still I like this kind of resistance ;)


This move is good at least from an ideological standpoint, as Google Play Services undoubtedly leaks data. Signal is of course not heavily reliant on Google Play Services; thus seems like a good solution for the most security-conscious, even if Signal is about reaching as many users as possible.


The are 1 billion people in China who have easy access to Android phones which do not have Google Play Services installed and provide no access the Play store. There are potentially more than 10 people out of those 1 billion that could have a use for Signal.


Sure, but does signal work in China? I'd be impressed if it did without any tunneling.


Last time I played a bit with Signal, about a year ago, the app was a bit fussy but functioned without extra measures. And I believe it was the sign up procedure that was a bit fussy. Regarless, though, Chinese communications controls are constantly improving, and what works one day will not necessarily work the next.


There are dozens out there. Dozens.


Hopefully the number of people who object to Google installing a webcam in their underpants drawer is a bit larger than that.


Anecdata, but make that 11! I've wanted this for months and even sponsored the bounty.


I was waiting for this so I could use Signal on my BlackBerry Z30 (running BB10 with Android compatibility), but I have since swapped over to Android as there were just too many things missing. Shame, I really miss the hub. I guess I can buy the BB app to replace it.


I'm one of these lucky 10.


I don't get notifications on Signal. Android 6.0. Anyone else experience this?


No, notifications work for me. Android 7.1.1. Check out their support page for some ideas to fix this: https://support.whispersystems.org/hc/en-us/articles/2181125...


Yes, I have ensured all my settings are correct. I get notifications when someone "new" joins signal but not when a message comes through. Same issue with Telegram. I suspect it's an issue with Android notifications.


I did, the solution was to uninstall signal, install it again. Then head to the app section in android and make sure the notification permissions are enabled


Cool will try that thx


I wish every app would be possible to use without Google Spy Services.


Has anyone tried Signal's voice calling? The overall voice quality is very poor and the voice volume is extremely low. And call me stupid, but I could not even find the video call button in signal (on android).

I had to sadly switch back to whats app because voice and video quality are stellar.


Voice is getting better. It's in beta right now. Both parties need to enable it in the settings right now. I tried it recently, and it worked quite well for the most part. They'll presumably iron out the issues before a general release.


Are you talking about Video and not Voice? I didn't have to enable anything for Signal Voice calls.


Yes, it's the same setting for both video and voice, which uses the newer webrtc stuff. The old voice support is being phased out, which is probably what you've used in the past.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: