Originally I’ve download the signal app through playstore, but often it also get updates from Droid-ify(Fdroid client). Today its weird and I got this . Explain to me this.
On the Droid-ify the signal app is provided by: org.thoughtcrimes.securesms
Google is actually right here for once. Signal is not offered on F-Droid, and its package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms.
Only official places to download Signal are through the Google Play Store or their website (which self-updates).
deleted by creator
org.thoughtcrimes.securesms specifically?
I may be wrong but isn’t the real one org.thoughtcrime.securesms, not “crimes”?“This app tries to spy on your personal data”
Needless to say Google hates competition
They hate the competition.
Pretty rich coming from google
they obviously want all the data to themselves
Google is like your big brother. They will beat the shit out of you. But If anyone else tries to beat you they will kick their ass.
Maybe a botched version and goolag was triggered. On the safe side get rid of it.
Check the repo where it was downloaded.
From which (enabled) repository does the app come. Signal is not on F-Droid or Izzydroid.
It is but in a different repo
I don’t know about OP, but it is available in https://thecapslock.gitlab.io/fdroid-patched-apps/fdroid/repo and https://calyxos.gitlab.io/calyx-fdroid-repo/fdroid/repo
Yes, I heard that it is in the CalyxOS repo. This seems to be a legit version.
Got something similar yesterday, but for KDE-Connect from F-Droid. Downloaded the Play Store version instead.
Either it got compromised or Google is warning you because it has a different signature than the Google play version
You are using a fake app.
what i get from the playstore. i notice thoughtcrime vs thoughtcrimes fyi
I think it was a typo. I checked the droidfy (fdroid) version and
The package name is correct, but signal was never on F-droid.Do you have a third party repo that might be compromised?
Edit: Package name isn’t correct, so that’s almost definitely a compromised version. Get rid of it ASAP.
To add to that:
Always check the projects’ website to see the official ways it’s distributed, before you just download it from anywhere.
Not applying for signal though, as their apk site is hidden away
Not a fan of that either, that really is unfortunate. But with a bit of common sense, a person should then ask about that, if the Play Store is not an option. It’s still not a reason to download it from a source you haven’t verified to be official
No thats absolutely a reason. Signal is 100% to blame that they have no fully FOSS code repository that could then simply be compiled by FDroid and shipped there.
Instead I have to rely on some Dude I know nothing about, Twinhelix could just as well spread Malware. But I like my updates through FDroid, I like a blob Free Signal
Call it blame, but that decision is fully within their right, and what Twinhelix does technically violates F-Droids’ guidelines. If a creator doesn’t want their app on there, F-Droid calls to respect that.
The official Signal apk updates itself, so that’s not even an issue.
If your unoffical build from a third-party gives you issues one day, you are fully responsible for that.
Huh? They could just as well provide a blobfree APK themselves. They have their Google Play crap already, everyone not using that will probably also have a googlefree OS.
They have a FOSS client and provide no FOSS binaries, which is totally their right. I heard their Desktop clients are not reproducible though, maybe because of Electron?
deleted by creator
org.thoughtcrimes.securesms
It actually might not be, googling
"org.thoughtcrimes.securesms"doesn’t get results.thoughtcrimesvs.thoughtcrime
My question though is how this popped up in droidify, would someone need to manually add some special repo?
I missed that, thanks for pointing it out. The one without S is the correct one.
But that makes me wonder, how did OP not end up with two signal apps then?
how did OP not end up with two signal apps then?
by that popup blocking him from installing the wrong one?
Oh, that’s from the installer and not one of those warnings you get after opening apps. Makes sense.
Technically it’s from “Google Play Protect” that got triggered during the install but yeah.
Yes, where is that from? Its not in the repos I use.
deleted by creator
Twinhelix is the only one compiling the app from source without proprietary blobs
Turn off Play “Protect”.
In most cases I’d be the first to support your idea.
but here it actually blocked malware?
Didn’t notice the “droid-ify” part, whatever that is. Install apps from trusted sources like F-Droid or dev’s website and you don’t need Google to scan your phone and tell you what you can or cannot install.
Droid-ify is just a different client for F-Droid. It should be safe and uses the same repositories
Actually, it uses more repos
Signal isn’t in the official Fdroid repos
I’m using droidify and couldn’t find signal in there either.
I really like droid-ify. Its a nice, good-looking alternative to fdroid. Also I’d advice to use molly foss instead of the original signal app.
Why?
Here what I replied to someone else:
Fully foss dependencies, degoogled (doesnt require Google Play services), and further hardening to the app. And you can still keep your signal contacts since it is just a fork. Available through Accressant, fdroid, and github.
They could have added their own repos which is the concern here.
Lol what are you talking about.
Droid-ify is an F-droid frontend, that is also in F-droids repo as an installable app so it’s safe, in this case one of the F-droid repos OP has is actually malicious and is installing a modified version of Signal, the package name is wrong org.thoughtcrimes.securesms, it should be thoughtcrime without the S.
I think Play Protect is intrusive, but this time it actually tried to protect OP from a malicious Signal clone.
Droid-ify is an f-droid client, it’s on f-droid too.
The question is, what repo did that apk come from. But I have a feeling OP will not bother with checking it
Don’t, in this case it’s actually blocking a fake app correctly.
Are you installing from Playstore or FDroid?
I’ll just drop this here
What is the benefit of using this instead of Signal?
You get to convince your peers once more to use a different app.
Uses the signal back end and is cross compatible
It seems you are not cross compatible with my joke. I admit, I use an obscure back end.
you don’t have to tell your peers that, you can still convince them to switch anyways
Android tablets as linked devices is why I use it. Something Signal seems to refuse to add.
It has an official F-droid repo.
Also it may work as a temporary solution for those who are having signal troubles
Fully foss dependencies, degoogled (doesnt require Google Play services), and further hardening to the app. And you can still keep your signal contacts since it is just a fork. Available through Accressant, fdroid, and github.
But note that you need to download the Fdroid version for the degoogled version
It’s named after a rave drug.
Hell yeah
I’m on the apk from the signal website. This showed up for me as well.
I recommend checking the official website or the Play Store to ensure that you are downloading the latest and official version of the app.
https://www.signal.org/download/android/
The official website only links to Google Play for the Android client, even on the fairly “hidden” download page.
If the official website redirects you to the Play Store, then it is safe to download the app from there.
And to be noted, I don’t think that the Android app client for Signal is available on F-Droid.
Just get a degoogled phone…
me poor
Degoogle your existsing device
I have an EMUI system, it’s very hard to tinker, but i uninstalled maps and playstore ecc
I generally agree, but in this case, Google Protect actually protected OP from installing a harmful app masquerading as Signal.
Sure? Why can people upload apps called signal there?
