> Is there an easy way to get a direct HTTPS download link from the Play Store?
Easy? No. But you can grab the apk from any number of third party download sites and verify the signature, and you can also just download it from https://signal.org/android/apk/ . Unless you've installed something via the Play Store, Android won't autoupdate it.
> • It's not the case for iOS.
It's still not hard to obtain iOS packages and verify their contents - it's definitely not as straightforward to use those as it is to sideload updates for Android, but it's still possible to verify that the binary matches the source, and you only need one person to notice.
> • It's not the case for WhatsApp.
Your claim was "Signal encryption doesn’t actually work". WhatsApp uses a whole bunch of Signal, but it's not Signal. This is like claiming that the IoT device I found that uses Signal in the backend but has all the key material in an unprotected Firebase bucket tells us anything about the security of Signal.
> • You have to repeat the process for every update, of which there are many.
No, someone has to. And that's something that could be automated.
> • You don't know what version other people are running, which also matters. Consider group chats!
If your position is "We should have infrastructure that makes it easy for third parties to audit Signal updates correspond to the source code", I absolutely agree! But we can build that with what currently exists, Signal's centralised infrastructure does nothing to prevent that.
> Encryption in which you rely on your adversary to encrypt messages for you is conceptually broken.
Every time someone sends an encrypted message, they're relying on a huge stack of technology that's largely outside their control. If my keyboard becomes untrustworthy, my guarantees are gone. If my video driver becomes untrustworthy, I'm in a bad place. Using any form of technology implies placing some trust in an awfully large set of people. On a daily basis, we're relying on an awful lot of faith. The Signal devs have gone out of their way to make it easier to verify whether that faith is misplaced or not.
But:
> We have no way to know, only faith.
We literally do have a way to know. We can dump every Signal APK installed on every phone and determine whether they match the source. It wouldn't be easy, but it could be done.
> If one day Signal or WhatsApp change the deal… then we can no longer really claim the service is end-to-end encrypted.
Signal doesn't appear to have changed the deal, so it seems like you're saying we can currently claim that it's end-to-end encrypted?
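The verification described above ("grab the apk ... and verify", "determine whether they match the source") is, in practice, an entry-by-entry comparison of a locally built APK against the copy that shipped, ignoring only the signing metadata. The script below is an added example, not Signal's own tooling; it models that check in spirit, with small constructed zip archives standing in for real APKs so it runs offline:

```python
"""Compare the contents of two APKs, ignoring only the signature files.

Added example (not Signal's own tooling): an APK you built from source
should match the store-delivered APK entry for entry, except for the
signing metadata under META-INF/, which the publisher's key produces.
The sample APKs below are constructed in memory so the script runs offline.
"""
import hashlib
import io
import zipfile

# Entries written by v1 (JAR) APK signing. They legitimately differ between
# a local build and a copy signed with the publisher's key, so they are
# excluded from the comparison.
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")
SIGNATURE_FILES = {"META-INF/MANIFEST.MF"}


def is_signature_entry(name: str) -> bool:
    if name in SIGNATURE_FILES:
        return True
    return name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)


def entry_digests(apk_bytes: bytes) -> dict:
    """Map every non-signature entry name to the SHA-256 of its contents."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or is_signature_entry(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def diff_apks(built: bytes, delivered: bytes) -> dict:
    """Report entries missing on either side and entries whose bytes differ."""
    a, b = entry_digests(built), entry_digests(delivered)
    return {
        "only_in_built": sorted(set(a) - set(b)),
        "only_in_delivered": sorted(set(b) - set(a)),
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


def apks_match(built: bytes, delivered: bytes) -> bool:
    d = diff_apks(built, delivered)
    return not (d["only_in_built"] or d["only_in_delivered"] or d["changed"])


def build_sample_apk(entries: dict) -> bytes:
    """Constructed stand-in for a real APK: a zip with the given entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data; none of this is a real Signal binary.
_CODE = {
    "AndroidManifest.xml": b"<manifest package='org.example.app'/>",
    "classes.dex": b"dex\n035\x00" + b"A" * 64,
    "resources.arsc": b"res" * 10,
}
_SIGNING = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/CERT.SF": b"Signature-Version: 1.0\n",
    "META-INF/CERT.RSA": b"\x30\x82constructed-pkcs7-blob",
}

LOCAL_BUILD = build_sample_apk(_CODE)
# The store copy is the same build plus the publisher's signature files.
STORE_COPY = build_sample_apk({**_CODE, **_SIGNING})
# A copy whose code differs from what the source produces.
TAMPERED_COPY = build_sample_apk(
    {**_CODE, "classes.dex": b"dex\n035\x00" + b"A" * 63 + b"B", **_SIGNING}
)

if __name__ == "__main__":
    print("store copy matches local build:", apks_match(LOCAL_BUILD, STORE_COPY))
    print("tampered copy diff:", diff_apks(LOCAL_BUILD, TAMPERED_COPY))
```

Two points worth keeping in mind when running this against real APKs: the v2/v3 signature schemes live in the APK Signing Block outside the zip entries, so an entry-level diff never sees them and needs no extra exclusion, and this check says nothing about who signed the delivered copy. Pinning the signer certificate fingerprint (for example with apksigner) is a separate step that complements the content comparison.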
"you can grab the apk from any number of third party download sites"
But people get it from the official app stores and for WhatsApp there's no other option (which is the main one I actually care about because that's where my contacts live).
I think some of this discussion is caused by conflation between Signal-the-tech and Signal-the-app. I could have called it the Axolotl Ratchet instead but I don't think anyone would know what I'm talking about, and anyway, I think it'd be less technically accurate as by now there's lots of stuff to do with group chats etc and I don't know what the underlying code-name is of those schemes. I normally see the whole encryption scheme just be called "Signal encryption".
If your position is "We should have infrastructure that makes it easy for third parties to audit Signal updates correspond to the source code", I absolutely agree! But we can build that with what currently exists, Signal's centralised infrastructure does nothing to prevent that.
We are in 95% agreement indeed! I proposed such an infrastructure in the article, based on threshold signatures, however, it doesn't exist today yet our industry is claiming "we use end-to-end encryption which means we can't read your messages". This claim isn't true - they can read our messages if they want to - and progress seems to have stopped after these rollouts. The claim that it's possible to have a trustless centralized infrastructure provider is a very bold one and currently it's not convincing, so to prove this is possible we need to keep things moving. There has been no attempt to make these services auditable nor even really any recognition that there needs to be. That troubles me a lot. At some point people are going to notice these claims don't add up and trust in the whole software industry may be damaged.
Edit: actually if I recall correctly Signal uses Intel SGX to make some parts of its contact list intersection system auditable. That's a great use of tech to solve some of these problems. SGX is one way to attack the centralized-but-untrusted-provider problem. I don't know if anyone is actually doing remote attestations on a regular basis though.
"Every time someone sends an encrypted message, they're relying on a huge stack of technology that's largely outside their control"
Yes, but those components come from different players, in different countries, with different governments and agendas who often do not trust each other blindly. Hence why mobile radios are now sandboxed, why keyboard apps are sandboxed, Samsung presumably watches out for Google playing naughty games with the Android source as part of their patching and distribution process, etc. Certainly carriers have a long history of treating phone makers as semi-trusted, hence the historically long approval processes.
"Signal doesn't appear to have changed the deal, so it seems like you're saying we can currently claim that it's end-to-end encrypted?"
I believe that is currently the case. I cannot prove it, nor can I prove it will remain the case tomorrow, if it is today, nor can anyone else I trust prove it. Which, logically, means it boils down to faith in Moxie and his employees, people I've never met and do not know. A blog post saying "we promise we're not logging messages" should really carry equal weight.
It doesn't matter what "people" do - what matters is whether a third party can obtain the same package and verify it. And they can!
> This claim isn't true - they can read our messages if they want to
They can read our messages if they want to, and we can detect that that happened, and then nobody uses their app any more.
> Samsung presumably watches out for Google playing naughty games with the Android source
Right! And we can watch out for Signal playing naughty games with their source. If you're ok trusting that Samsung will catch Google being untrustworthy, why are you not ok with trusting that signalverifier69's CI toolchain will catch Signal doing the same? The whole point here is that we don't need to trust Signal, we can absolutely verify it.
If you've got to the point where Google is specifically pushing you a modified app, Google could just push a backdoored keyboard update that exfiltrated all your keyboard inputs instead. Why bother targeting a single app when you can get everything?
I think Android is designed such that even the Play Store cannot replace an installed app with a differently signed one. Or at least it used to be. And, "Android" is controlled by whoever made your phone, not directly by Google unless it's a Pixel device.
That said, it's a thin line. If Google had changed things at some point so that the Play Store could override the signing continuity requirement I wouldn't be remotely surprised.
> I think Android is designed such that even the Play Store cannot replace an installed app with a differently signed one.
They can't; however, Google have recently changed the requirements for submitting an application to the Play Store. You now need to hand over your application signing key. Instead of signing the application to prove authenticity to Android devices then giving it to Google to host, you now sign the application to provide authenticity to Google, and then Google re-signs it with the key you gave them to prove authenticity to Android devices.
So if Google want to provide an alternative binary to a specific person, they can now do that.
If Alice and Bob use the current version of the Signal app, they can't. You're worried about updates; fair enough. If that's within your threat model, you're free to delay your updates for as long as you want, until you've reviewed them and waited enough to be relatively confident that a backdoor would have been found by then. Splitting the signing key into several like you suggest would delay updates for everyone while bringing negligible benefits to a tiny minority of Signal users.