However, if app password is set, it can be defeated by this method. it also implies that the root user on the phone (google services) can pwn the countermeasures against this sort of malicious/malware app behavior. Because the phones are unlocked and the compromised code is running on them, with very high privileges, you can't assume a safe environment at all.
Signal's threat mode is absurd. They are based in San Francisco area but are going up against the entire USA national security system.
Yeah, it's just suspicious in general, the fact that it's not free software as others have mentioned (cannot run own server without fucking with the design pretty significantly) is a major alarm bell.
celebratedrecluse wrote
However, if app password is set, it can be defeated by this method. it also implies that the root user on the phone (google services) can pwn the countermeasures against this sort of malicious/malware app behavior. Because the phones are unlocked and the compromised code is running on them, with very high privileges, you can't assume a safe environment at all.
Signal's threat mode is absurd. They are based in San Francisco area but are going up against the entire USA national security system.