I heard about that you can check via a hash code if the Signal Open Source Code the same code like the App Store Code is this true, have some one more informatons about this ?

  • riccardo
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    3 years ago

    The Android app allows reproducible builds since 2016:

    As of our latest Android release, Signal builds are reproducible. Reproducible builds help to verify that the source code in our GitHub repository is the exact source code used to build the compiled Signal APK being distributed through Google Play.

    Anyway:

    Remaining Work

    Reproducible builds for Java are simple, but the Signal Android codebase includes some native shared libraries that we employ for voice calls (WebRTC, etc). At the time this native code was added, there was no Gradle NDK support yet, so the shared libraries aren’t compiled with the project build.

    Getting the Gradle NDK support set up and making its output reproducible will likely be more difficult.

    No idea if progress has been made about native shared libraries, but there are probably more info about this in their reproducible builds readme

    I don’t think this is available for the iOS app (there is an open issue on GitHub about this)

      • xarvos
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        3 years ago

        I mean, the code is on the server, you can’t know if they’re really using the same source code anyway

      • VostronixOP
        link
        fedilink
        arrow-up
        1
        ·
        3 years ago

        Telegram is a reproducible build, just on Android or also in iOS

    • VostronixOP
      link
      fedilink
      arrow-up
      1
      ·
      3 years ago

      ohh nice to see there have something like this. thx for the info :)