My signal app a week ago had 2 seperate, a few days apart, app updates from the app itself. Asking to check install from unknown sources to be checked inside the settings. Giving prompts from the notification drop down. Such as app update available. Click it, asked for setting to be checked, I checked it, it said it updated, all seems well and fine.
But doing this outside of both stores which usually update the app from say F droid or Aurora. I’ve never seen this happen ever. It wasn’t a user confirmation. It was a total app update.
Seems odd that the signal app itself asked to update itself from a notification from the drop down menu. How can I make sure it has not been compromised? Anyone else experienced something of the sort?
Android phone. Pixel. Gos.
I have one device where I installed the APK straight from Signal themselves. That is the only device where it has updated itself.
My other devices all use the Play version through Aurora Store, and always updates through that.
Maybe there’s a config/setting somewhere?
But also, maybe don’t use F-Droid for apps regarding privacy.
https://privsec.dev/posts/android/f-droid-security-issues/
This article seems like a lot of FUD written from an anti-FOSS perspective. In their second point, they say that F-droid’s inclusion policy is “ridiculous” for requiring programs exclude proprietary software. I think the author is ridiculous for asking for this. This is what F-droid is for. I don’t want any proprietary apps or libraries on my phone. If developers only want to work on their proprietary software, they don’t get into F-droid. If they make a modified FOSS version and put it in F-droid, and let it bitrot and go unpatched when vulnerabilities are discovered, and F-droid issues a security advisory for that program, that’s not F-droid’s fault.
🚩🚩🚩
A blatant scam to backdoor our devices with software which fails to include a libre software license text file, software we do not control, anti-libre software.
I think about F droid and this aspect from time to time.