> It does connect to google's servers for pretty much everything [1]
Have you actually looked at that code? It's for domain fronting[0], so nothing shady, and it's only used when you're in Egypt, UAE, Oman, Qatar, or Iran. Have a look at
> you can look for these constants in the codebase and you'll find lots of things that would worry any netsec person, including the key backup related stuff
I just ran a recursive grep on the entire repository and the file you referred to is effectively the only place where a google.com URL shows up in the code (apart from two or three more instances which are not suspicious, either).
Maybe I'm missing something, so feel free to prove me wrong, but right now my impression is that you're spreading FUD for no good reason.
Have you actually looked at that code? It's for domain fronting[0], so nothing shady, and it's only used when you're in Egypt, UAE, Oman, Qatar, or Iran. Have a look at
https://github.com/signalapp/Signal-Android/blob/d74e9f74103...
vs
https://github.com/signalapp/Signal-Android/blob/d74e9f74103...
and, finally,
https://github.com/signalapp/Signal-Android/blob/d74e9f74103...
> you can look for these constants in the codebase and you'll find lots of things that would worry any netsec person, including the key backup related stuff
I just ran a recursive grep on the entire repository and the file you referred to is effectively the only place where a google.com URL shows up in the code (apart from two or three more instances which are not suspicious, either).
Maybe I'm missing something, so feel free to prove me wrong, but right now my impression is that you're spreading FUD for no good reason.
[0]: https://signal.org/blog/looking-back-on-the-front/