Viewing a single comment thread. View all comments

edmund_the_destroyer wrote

The last option, RedPhone, is by Open Whisper Systems, the same company that does Signal. But there's an article making a compelling argument that Open Whisper Systems is not trustworthy: https://drewdevault.com/2018/08/08/Signal.html If you don't feel like reading the whole article, just go to the last section "Trust, Federation, and Peer-to-Peer chat".

4

edmund_the_destroyer wrote

As the article I linked states, Google Play Services is effectively a rootkit on your Android device. It can make any changes it likes at any time. So if the NSA or your local equivalent takes an interest in you, they can compel Google to place snooping software on your phone. Then it doesn't matter what else you run, they'll capture all of the unencrypted data before it enters your secure communication software and they'll capture all of the unencrypted responses after they leave your secure communication software to appear on screen or come out as sound. Apple has the same control over iPhones, so all of the same concerns apply.

So these secure messaging apps make it harder for Google's routine data collection or your wireless carrier to snoop on what you're doing. But if you want true privacy you need to run an Android variant without Google Play Services.

4