this post was submitted on 12 Oct 2023

229 points (100.0% liked)

Privacy

787 readers

1 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

229

Today I got this POP-UP, anyone? (lemmy.dbzer0.com)

submitted 11 months ago by Harry_h0udini@lemmy.dbzer0.com to c/privacy@lemmy.ml

61 comments fedilink hide all child comments

Originally I've download the signal app through playstore, but often it also get updates from Droid-ify(Fdroid client). Today its weird and I got this . Explain to me this.

On the Droid-ify the signal app is provided by: org.thoughtcrimes.securesms

top 50 comments

sorted by: hot top controversial new old

[–] nottheengineer@feddit.de 168 points 11 months ago* (last edited 11 months ago) (3 children)

~~The package name is correct~~, but signal was never on F-droid.

Do you have a third party repo that might be compromised?

Edit: Package name isn't correct, so that's almost definitely a compromised version. Get rid of it ASAP.

[–] miss_brainfart@lemmy.ml 71 points 11 months ago (1 children)

To add to that:

Always check the projects' website to see the official ways it's distributed, before you just download it from anywhere.

[–] Pantherina@feddit.de 4 points 11 months ago (1 children)

Not applying for signal though, as their apk site is hidden away

[–] miss_brainfart@lemmy.ml 3 points 11 months ago (2 children)

Not a fan of that either, that really is unfortunate. But with a bit of common sense, a person should then ask about that, if the Play Store is not an option. It's still not a reason to download it from a source you haven't verified to be official

[–] Pantherina@feddit.de 5 points 11 months ago (1 children)

No thats absolutely a reason. Signal is 100% to blame that they have no fully FOSS code repository that could then simply be compiled by FDroid and shipped there.

Instead I have to rely on some Dude I know nothing about, Twinhelix could just as well spread Malware. But I like my updates through FDroid, I like a blob Free Signal

[–] miss_brainfart@lemmy.ml 3 points 11 months ago (1 children)

Call it blame, but that decision is fully within their right, and what Twinhelix does technically violates F-Droids' guidelines. If a creator doesn't want their app on there, F-Droid calls to respect that.

The official Signal apk updates itself, so that's not even an issue.

If your unoffical build from a third-party gives you issues one day, you are fully responsible for that.

load more comments (1 replies)

[–] otter@lemmy.ca 48 points 11 months ago* (last edited 11 months ago) (2 children)

org.thoughtcrimes.securesms

It actually might not be, googling "org.thoughtcrimes.securesms" doesn't get results.

thoughtcrimes vs. thoughtcrime

My question though is how this popped up in droidify, would someone need to manually add some special repo?

[–] nottheengineer@feddit.de 26 points 11 months ago (1 children)

I missed that, thanks for pointing it out. The one without S is the correct one.

But that makes me wonder, how did OP not end up with two signal apps then?

[–] DAT@feddit.de 25 points 11 months ago (1 children)

how did OP not end up with two signal apps then?

by that popup blocking him from installing the wrong one?

[–] nottheengineer@feddit.de 17 points 11 months ago (1 children)

Oh, that's from the installer and not one of those warnings you get after opening apps. Makes sense.

[–] amju_wolf@pawb.social 6 points 11 months ago

Technically it's from "Google Play Protect" that got triggered during the install but yeah.

[–] Pantherina@feddit.de 3 points 11 months ago

Yes, where is that from? Its not in the repos I use.

[–] Pantherina@feddit.de 5 points 11 months ago (1 children)

Twinhelix is the only one compiling the app from source without proprietary blobs

[–] geoma@lemmy.ml 12 points 11 months ago

And molly.im

[–] Skimmer@lemmy.zip 60 points 11 months ago* (last edited 11 months ago)

Google is actually right here for once. Signal is not offered on F-Droid, and its package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms.

Only official places to download Signal are through the Google Play Store or their website (which self-updates).

[–] kworpy@lemm.ee 48 points 11 months ago* (last edited 5 months ago) (4 children)

"This app tries to spy on your personal data"

Needless to say Google hates competition

[–] Anticorp@lemmy.ml 42 points 11 months ago

They hate the competition.

[–] yoz@aussie.zone 19 points 11 months ago

Pretty rich coming from google

[–] Catsrules@lemmy.ml 16 points 11 months ago

Google is like your big brother. They will beat the shit out of you. But If anyone else tries to beat you they will kick their ass.

[–] stebo02@sopuli.xyz 14 points 11 months ago

they obviously want all the data to themselves

[–] Quereller@lemmy.one 44 points 11 months ago (2 children)

From which (enabled) repository does the app come. Signal is not on F-Droid or Izzydroid.

[–] sylphio@lemmy.ml 6 points 11 months ago (1 children)

I don't know about OP, but it is available in https://thecapslock.gitlab.io/fdroid-patched-apps/fdroid/repo and https://calyxos.gitlab.io/calyx-fdroid-repo/fdroid/repo

load more comments (1 replies)

[–] AnokLola@lemm.ee 42 points 11 months ago (1 children)

I recommend checking the official website or the Play Store to ensure that you are downloading the latest and official version of the app.

[–] bob_lemon@feddit.de 28 points 11 months ago (2 children)

https://www.signal.org/download/android/

The official website only links to Google Play for the Android client, even on the fairly "hidden" download page.

[–] Pantherina@feddit.de 32 points 11 months ago* (last edited 11 months ago)

They hide it away, thats the tricky part

https://signal.org/android/apk/

Below the Playstore link

[–] AnokLola@lemm.ee 16 points 11 months ago* (last edited 11 months ago)

If the official website redirects you to the Play Store, then it is safe to download the app from there.

And to be noted, I don't think that the Android app client for Signal is available on F-Droid.

[–] not_a_king 34 points 11 months ago (1 children)

what i get from the playstore. i notice thoughtcrime vs thoughtcrimes fyi

load more comments (1 replies)

[–] 0x2d@lemmy.ml 22 points 11 months ago* (last edited 11 months ago) (1 children)

It's a fake copy of Signal

The actual package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms

Also Google officially recommends Signal on the Android website last I checked, so I don't see why Play Protect would flag it as malware

edit: attach screenshot of package name

edit 2: fix typo in package name (accidentally typed thoughcrime)

load more comments (1 replies)

[–] possiblylinux127@lemmy.zip 13 points 11 months ago (1 children)

I'll just drop this here

https://molly.im/

[–] nameisnotimportant@lemmy.ml 11 points 11 months ago (4 children)

What is the benefit of using this instead of Signal?

[–] pufferfischerpulver@feddit.de 18 points 11 months ago (1 children)

You get to convince your peers once more to use a different app.

[–] NullGator@lemmy.ca 13 points 11 months ago (1 children)

Uses the signal back end and is cross compatible

[–] pufferfischerpulver@feddit.de 4 points 11 months ago

It seems you are not cross compatible with my joke. I admit, I use an obscure back end.

[–] Anticorp@lemmy.ml 14 points 11 months ago (1 children)

It's named after a rave drug.

[–] LufyCZ@lemmy.dbzer0.com 7 points 11 months ago

Hell yeah

[–] Lemongrab@lemmy.one 7 points 11 months ago

Fully foss dependencies, degoogled (doesnt require Google Play services), and further hardening to the app. And you can still keep your signal contacts since it is just a fork. Available through Accressant, fdroid, and github.

[–] possiblylinux127@lemmy.zip 4 points 11 months ago

It has an official F-droid repo.

Also it may work as a temporary solution for those who are having signal troubles

[–] cl4p_tp@lemmy.dbzer0.com 10 points 11 months ago

I'm on the apk from the signal website. This showed up for me as well.

[–] Blizzard@lemmy.zip 8 points 11 months ago (2 children)

Turn off Play "Protect".

[–] DAT@feddit.de 71 points 11 months ago (1 children)

In most cases I'd be the first to support your idea.

but here it actually blocked malware?

[–] Blizzard@lemmy.zip 6 points 11 months ago (3 children)

Didn't notice the "droid-ify" part, whatever that is. Install apps from trusted sources like F-Droid or dev's website and you don't need Google to scan your phone and tell you what you can or cannot install.

[–] ReversalHatchery 14 points 11 months ago

Droid-ify is an f-droid client, it's on f-droid too.

The question is, what repo did that apk come from. But I have a feeling OP will not bother with checking it

[–] Black_Gulaman@lemmy.dbzer0.com 12 points 11 months ago

Lol what are you talking about.

load more comments (1 replies)

[–] MangoPenguin@lemmy.blahaj.zone 3 points 11 months ago

Don't, in this case it's actually blocking a fake app correctly.

[–] bbbhltz 7 points 11 months ago (1 children)

Yes. I had it too!

And I download directly from the website and it aelf-updates. Nothing but an annoyance.

On the Droid-ify the signal app is provided by: org.thoughtcrimes.securesms

That's Signal.

[–] Extrasvhx9he@lemmy.today 34 points 11 months ago (1 children)

"Thoughtcrime" shouldnt be plural at least its not on my version and for other posters on this thread

[–] bbbhltz 3 points 11 months ago

Didn't spot that. Mine is singular...

load more comments