I heard about that you can check via a hash code if the Signal Open Source Code the same code like the App Store Code is this true, have some one more informatons about this ?

  • riccardo@lemmy.ml
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    3 years ago

    The Android app allows reproducible builds since 2016:

    As of our latest Android release, Signal builds are reproducible. Reproducible builds help to verify that the source code in our GitHub repository is the exact source code used to build the compiled Signal APK being distributed through Google Play.

    Anyway:

    Remaining Work

    Reproducible builds for Java are simple, but the Signal Android codebase includes some native shared libraries that we employ for voice calls (WebRTC, etc). At the time this native code was added, there was no Gradle NDK support yet, so the shared libraries aren’t compiled with the project build.

    Getting the Gradle NDK support set up and making its output reproducible will likely be more difficult.

    No idea if progress has been made about native shared libraries, but there are probably more info about this in their reproducible builds readme

    I don’t think this is available for the iOS app (there is an open issue on GitHub about this)

    • charlie_root@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      3 years ago

      As of our latest Android release, Signal builds are reproducible.

      Not true anymore. however, the Telegram one is. :)

      But you know, if the server is proprietary…

      And I’ll add that as soon as you use an iPhone or Android, it’s dead anyway.