I’ll cut straight to the chase: updating the Signal app annoys me and I’d like to know your best practices.

As far as I know, there are three ways of updating Signal:

  1. From the Play Store. This works quite reliably, yet comes at the cost of trusting and connecting to Google’s servers.
  2. Via the app’s built-in auto-updater that will, after a while, suggest an update through a notification. However, the frequency of these updates is really lackluster and thus unreliable, and there’s no way to trigger an update check manually.
  3. Via the APK on Signal’s website. In order for this to work, you need to have done the initial installation of the app from an APK already. Also, as far as I know, this version will not use GCM / Push notifications, but rather deliver notifications through a web socket, which is a huge drain on battery. Also, you’ll have to constantly check for updates yourself or rely on the (unreliable) self-updating mechanism (see 2).
  4. //Edit a fourth way might be to just update via Obtainium and pulling APKs off their Github. I’m not sure what that does to GCM/Websocket usage, see 3.

Let me know how you do it, and if there’s something I’ve overlooked.

  • Hund@feddit.nu
    link
    fedilink
    arrow-up
    1
    ·
    3 days ago

    Phone numbers are an issue, true, though you can get around that using a burner SIM or even a virtual phone number.

    You can’t buy any SIM here without providing ID. I believe that’s more of a rule than an exception these days, but I don’t have any actual numbers to back up my claim.

    However. I don’t think that anyone requiring extreme privacy would use any phone whatsoever.

    Also, contact discovery has been working without exposing your phone number for over a year now.

    I trust Signal when it comes to security and privacy.

    The phone can be made by anyone. The OS needs to be Android or iOS at some point, which is unfortunate

    With the Google Play Services or whatever it’s called, which is required for notifications to work.

    Remember that they have killed people based on metadata alone.

    That said, deGoogled Android has been around for more than a decade, allowing you to use Android in a privacy-friendly way.

    It’s what I’ve been using for years. :) GApps has always been optional. Back in the days vanilla Android was even perfectly useable without GApps! It feels like AOSP is basically only a kernel these days.

    So if you want, you absolutely can avoid being tied to Google and use Signal.

    Yes, but you will have to rely on third party clients, which Signal don’t like. That’s not a great experience. :/

    As you can see, there’s a lot more nuance here than “Signal isn’t private”; privacy, after all, isn’t binary, but rather a gradient.

    I guess so. I’m not much of a person of nuances though. I like living in a binary world. :D

    The way I see it, Signal sits in a Goldilocks Zone of “private enough” (for most threat models) and “convenient enough” for mainstream adoption.

    That is true. Perhaps I’m a bit hard at them, but then again, I’m a binary person. ;)