Originally I’ve download the signal app through playstore, but often it also get updates from Droid-ify(Fdroid client). Today its weird and I got this . Explain to me this.
On the Droid-ify the signal app is provided by: org.thoughtcrimes.securesms
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 3.13K Posts
- 78.3K Comments
- Modlog
KDEconnect from FDroid also go similar warnings. Might be related or OPs app might really be fake. https://twitter.com/albertvaka/status/1712954968477401478
It’s a fake copy of Signal
The actual package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms
Also Google officially recommends Signal on the Android website last I checked, so I don’t see why Play Protect would flag it as malware
edit: attach screenshot of package name
edit 2: fix typo in package name (accidentally typed thoughcrime)
Thanks mate
I think this app is pretty bullshit, if you want something secure just use Element… https://element.io/download
Signal isn’t even fully open source, there is an obscured closed source code to check if you are sending spam/scam which probably also allows them to read your messages. They are good coding and making protocols, but they are forced to leak any data to the USA by law and also forced to not say anything about this.
Ah, and Element is officially on F-Droid. No bullshits.
that closed source code part you mention is on the server side… the client and protocols used are fully open source and constantly peer reviewd. signal cant really “leak” your messages to anyone since they are end to end encrypted.
https://signal.org/blog/keeping-spam-off-signal/
Yup, that’s it.
Explaining myself better, it might be secure as it looks, still I keep the “bullshit” words as Molly comments are mainly that, he didn’t want to upload it on F-Droid claiming it is too unsecure (no auto updates, lack of singing) so he decided to join Google Platform. He didn’t help F-Droid to fix anything, still there are many frontend clients that work pretty good. He just abandoned people outside Google dominion. When he saw many people got infected (as this current post shows) he created that link to download the APK directly (https://signal.org/android/apk/) so people could at least download it from official sources.
About the report of spam, we all used other chats that had already in the group chatbots to manage this “captcha verifications” plus moderators on groups to check on what’s happening. For unknown people talking to you, normally in other platforms you can “reject chat unless he has your phone number in contacts” and things like this.
The source code I was talking, doesn’t seem a big problem as only reported chats are being sent to that external service, I just don’t trust to an app that works with Google.
Use molly.Im. They have a repository for F-droid.
You are using a fake app.
Google is actually right here for once. Signal is not offered on F-Droid, and its package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms.
Only official places to download Signal are through the Google Play Store or their website (which self-updates).
deleted by creator
Got something similar yesterday, but for KDE-Connect from F-Droid. Downloaded the Play Store version instead.
Either it got compromised or Google is warning you because it has a different signature than the Google play version
Maybe a botched version and goolag was triggered. On the safe side get rid of it.
Check the repo where it was downloaded.
org.thoughtcrime.securesms and I get mine from neo store /fdroid
“This app tries to spy on your personal data”
Needless to say Google hates competition
Google is like your big brother. They will beat the shit out of you. But If anyone else tries to beat you they will kick their ass.
they obviously want all the data to themselves
Pretty rich coming from google
They hate the competition.
org.thoughtcrimes.securesms specifically?
I may be wrong but isn’t the real one org.thoughtcrime.securesms, not “crimes”?
I’ll just drop this here
https://molly.im/
What is the benefit of using this instead of Signal?
Android tablets as linked devices is why I use it. Something Signal seems to refuse to add.
It has an official F-droid repo.
Also it may work as a temporary solution for those who are having signal troubles
Fully foss dependencies, degoogled (doesnt require Google Play services), and further hardening to the app. And you can still keep your signal contacts since it is just a fork. Available through Accressant, fdroid, and github.
But note that you need to download the Fdroid version for the degoogled version
It’s named after a rave drug.
Hell yeah
You get to convince your peers once more to use a different app.
Uses the signal back end and is cross compatible
It seems you are not cross compatible with my joke. I admit, I use an obscure back end.
you don’t have to tell your peers that, you can still convince them to switch anyways
I’m on the apk from the signal website. This showed up for me as well.
what i get from the playstore. i notice thoughtcrime vs thoughtcrimes fyi
I think it was a typo. I checked the droidfy (fdroid) version and
From which (enabled) repository does the app come. Signal is not on F-Droid or Izzydroid.
It is but in a different repo
I don’t know about OP, but it is available in https://thecapslock.gitlab.io/fdroid-patched-apps/fdroid/repo and https://calyxos.gitlab.io/calyx-fdroid-repo/fdroid/repo
Yes, I heard that it is in the CalyxOS repo. This seems to be a legit version.