• doodledup@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    4
    ·
    3 months ago

    They don’t have reproducible builds afaik (unlike Signal). You can have a completely different code running on your phone than on GitHub.

    Besides, who is using Secret Chat anyways? All default chats and group chats are unencrypted.

    • woelkchen@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      4
      ·
      3 months ago

      You can have a completely different code running on your phone than on GitHub.

      Just use the F-Droid version if there is any doubt.

      Besides, who is using Secret Chat anyways?

      Probably Russians who used Signal before.

      • doodledup@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        3
        ·
        3 months ago

        The F-droid version is also not reproducible. The binary you install has a different hash than the one you build from the GitHub.

        • Nonononoki@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          It’s reproducible if you compare it with F-droid’s tarball, which has all the source code in it.

        • woelkchen@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          2
          ·
          3 months ago

          The F-droid version is also not reproducible. The binary you install has a different hash than the one you build from the GitHub.

          F-Droid builds from source, so any suspicion whether the Google Play version has been tampered is completely irrelevant for the F-Droid version.