Has anyone had their signal app want to auto update outside of an app store?
-
I have not had this happen. I just have the Play Store one.
It seems odd. Given recent news about various signal things. I'd rather ask than not.
-
My signal app the other day had 2 seperate, a few days apart, updates from the app itself. Asking for install from unknown sources to check in the settings. Outside of both stores which usually update the app from F droid and Aurora stores.
Seems odd that the signal app itself asked to update itself from a notification from the drop down menu. How can I make sure it has not been compromised? Anyone else experienced something of the sort?
I have the one installed from the Play Store, and it hasn't done that. It sounds potentially suspect.
-
My signal app the other day had 2 seperate, a few days apart, updates from the app itself. Asking for install from unknown sources to check in the settings. Outside of both stores which usually update the app from F droid and Aurora stores.
Seems odd that the signal app itself asked to update itself from a notification from the drop down menu. How can I make sure it has not been compromised? Anyone else experienced something of the sort?
Not clear on where you installed it from...?
-
My signal app the other day had 2 seperate, a few days apart, updates from the app itself. Asking for install from unknown sources to check in the settings. Outside of both stores which usually update the app from F droid and Aurora stores.
Seems odd that the signal app itself asked to update itself from a notification from the drop down menu. How can I make sure it has not been compromised? Anyone else experienced something of the sort?
Not native Signal but it happens with Signal forks that I install after adding repository to F-Droid, I have had a notification of a Signal update, even though I'm not using native Signal.
I disable that notification in the phone app settings and wait for an F-Droid notification of an update to install.
-
Not clear on where you installed it from...?
F droid store originally.
-
Not native Signal but it happens with Signal forks that I install after adding repository to F-Droid, I have had a notification of a Signal update, even though I'm not using native Signal.
I disable that notification in the phone app settings and wait for an F-Droid notification of an update to install.
So you don't think it's something to be concerned about? I turned off install from unknown sources. App store F-Droid says it's up to date.
-
I have the one installed from the Play Store, and it hasn't done that. It sounds potentially suspect.
Does seem odd doesn't it. How could I verify the app is authentic and no malware or anything has accessed my phone.
-
My signal app the other day had 2 seperate, a few days apart, updates from the app itself. Asking for install from unknown sources to check in the settings. Outside of both stores which usually update the app from F droid and Aurora stores.
Seems odd that the signal app itself asked to update itself from a notification from the drop down menu. How can I make sure it has not been compromised? Anyone else experienced something of the sort?
My Signal auto updates via Obtainium. That is outside of a store. I think I remember the two updates your talking about.
-
F droid store originally.
Signal isn't on F-Droid out of the box, I don't think, but it is in the Guardian repo and probably in a few others as well. I downloaded the Signal apk directly from their website, and that version does auto update and has for quite some time.
-
So you don't think it's something to be concerned about? I turned off install from unknown sources. App store F-Droid says it's up to date.
I'm completely open to hearing why the Signal update notification is a concern. I don't worry about it but you may know something that I am not seeing.
-
My signal app the other day had 2 seperate, a few days apart, updates from the app itself. Asking for install from unknown sources to check in the settings. Outside of both stores which usually update the app from F droid and Aurora stores.
Seems odd that the signal app itself asked to update itself from a notification from the drop down menu. How can I make sure it has not been compromised? Anyone else experienced something of the sort?
I have one device where I installed the APK straight from Signal themselves. That is the only device where it has updated itself.
My other devices all use the Play version through Aurora Store, and always updates through that.
Maybe there's a config/setting somewhere?
But also, maybe don't use F-Droid for apps regarding privacy.
-
I have one device where I installed the APK straight from Signal themselves. That is the only device where it has updated itself.
My other devices all use the Play version through Aurora Store, and always updates through that.
Maybe there's a config/setting somewhere?
But also, maybe don't use F-Droid for apps regarding privacy.
I think about F droid and this aspect from time to time.
-
My Signal auto updates via Obtainium. That is outside of a store. I think I remember the two updates your talking about.
It was 10 days ago for the last update, then the first one was a few days prior to that. Those two were the only two ever to have that happen.
-
Does seem odd doesn't it. How could I verify the app is authentic and no malware or anything has accessed my phone.
There are virus scanners for Android - I have Bitdefender on mine - but I don't know how effective they are. Back in the day they were a bit of a gimmick; I don't know whether they're better now.
I have seen other apps from F-Droid do this. NewPipe, I think, used to prompt me for updates even though I had installed it from F-Droid. But I was always a bit unsure so I tended to just go back to F-Droid to install newer versions. Maybe it's a thing some apps do but I don't know why they should need to and I don't entirely trust it.
-
I have one device where I installed the APK straight from Signal themselves. That is the only device where it has updated itself.
My other devices all use the Play version through Aurora Store, and always updates through that.
Maybe there's a config/setting somewhere?
But also, maybe don't use F-Droid for apps regarding privacy.
This article seems like a lot of FUD written from an anti-FOSS perspective. In their second point, they say that F-droid's inclusion policy is "ridiculous" for requiring programs exclude proprietary software. I think the author is ridiculous for asking for this. This is what F-droid is for. I don't want any proprietary apps or libraries on my phone. If developers only want to work on their proprietary software, they don't get into F-droid. If they make a modified FOSS version and put it in F-droid, and let it bitrot and go unpatched when vulnerabilities are discovered, and F-droid issues a security advisory for that program, that's not F-droid's fault.
-
My signal app the other day had 2 seperate, a few days apart, updates from the app itself. Asking for install from unknown sources to check in the settings. Outside of both stores which usually update the app from F droid and Aurora stores.
Seems odd that the signal app itself asked to update itself from a notification from the drop down menu. How can I make sure it has not been compromised? Anyone else experienced something of the sort?
If you trust the initial install then unless there is a warning about the signing key you are good. Only signal devs can sign the builds so if you installed the play store version then then updated with their apk or fdroid then it should just work as the signing key is the same.
-
My signal app the other day had 2 seperate, a few days apart, updates from the app itself. Asking for install from unknown sources to check in the settings. Outside of both stores which usually update the app from F droid and Aurora stores.
Seems odd that the signal app itself asked to update itself from a notification from the drop down menu. How can I make sure it has not been compromised? Anyone else experienced something of the sort?
You should consider using Molly, a fork of Signal with Unified Push.
-
It was 10 days ago for the last update, then the first one was a few days prior to that. Those two were the only two ever to have that happen.
Yes. I remember seeing the notifications. I then went to Obtainium and updated. What I do not know is if these were signal or obtainium notifications. It did seem odd at the time.
-
I have one device where I installed the APK straight from Signal themselves. That is the only device where it has updated itself.
My other devices all use the Play version through Aurora Store, and always updates through that.
Maybe there's a config/setting somewhere?
But also, maybe don't use F-Droid for apps regarding privacy.
open-source
whatever software
development modelA blatant scam to backdoor our devices with software which fails to include a libre software license text file, to steal our control and privacy with anti-libre software.
-
It was 10 days ago for the last update, then the first one was a few days prior to that. Those two were the only two ever to have that happen.
I had the same at the same time. I ignored the app request and updated from app store
