Originally I’ve download the signal app through playstore, but often it also get updates from Droid-ify(Fdroid client). Today its weird and I got this . Explain to me this.

On the Droid-ify the signal app is provided by: org.thoughtcrimes.securesms

  • nottheengineer@feddit.de
    link
    fedilink
    arrow-up
    200
    ·
    edit-2
    1 year ago

    The package name is correct, but signal was never on F-droid.

    Do you have a third party repo that might be compromised?

    Edit: Package name isn’t correct, so that’s almost definitely a compromised version. Get rid of it ASAP.

    • miss_brainfart@lemmy.ml
      link
      fedilink
      arrow-up
      88
      ·
      1 year ago

      To add to that:

      Always check the projects’ website to see the official ways it’s distributed, before you just download it from anywhere.

        • miss_brainfart@lemmy.ml
          link
          fedilink
          arrow-up
          3
          arrow-down
          2
          ·
          1 year ago

          Not a fan of that either, that really is unfortunate. But with a bit of common sense, a person should then ask about that, if the Play Store is not an option. It’s still not a reason to download it from a source you haven’t verified to be official

          • Pantherina@feddit.de
            link
            fedilink
            arrow-up
            6
            arrow-down
            1
            ·
            1 year ago

            No thats absolutely a reason. Signal is 100% to blame that they have no fully FOSS code repository that could then simply be compiled by FDroid and shipped there.

            Instead I have to rely on some Dude I know nothing about, Twinhelix could just as well spread Malware. But I like my updates through FDroid, I like a blob Free Signal

            • miss_brainfart@lemmy.ml
              link
              fedilink
              arrow-up
              3
              arrow-down
              1
              ·
              1 year ago

              Call it blame, but that decision is fully within their right, and what Twinhelix does technically violates F-Droids’ guidelines. If a creator doesn’t want their app on there, F-Droid calls to respect that.

              The official Signal apk updates itself, so that’s not even an issue.

              If your unoffical build from a third-party gives you issues one day, you are fully responsible for that.

              • Pantherina@feddit.de
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Huh? They could just as well provide a blobfree APK themselves. They have their Google Play crap already, everyone not using that will probably also have a googlefree OS.

                They have a FOSS client and provide no FOSS binaries, which is totally their right. I heard their Desktop clients are not reproducible though, maybe because of Electron?

    • Otter@lemmy.ca
      link
      fedilink
      English
      arrow-up
      48
      ·
      1 year ago

      org.thoughtcrimes.securesms

      It actually might not be, googling "org.thoughtcrimes.securesms" doesn’t get results.

      thoughtcrimes vs. thoughtcrime

      • nottheengineer@feddit.de
        link
        fedilink
        arrow-up
        28
        ·
        1 year ago

        I missed that, thanks for pointing it out. The one without S is the correct one.

        But that makes me wonder, how did OP not end up with two signal apps then?

        • Cegorach@feddit.de
          link
          fedilink
          arrow-up
          27
          ·
          1 year ago

          how did OP not end up with two signal apps then?

          by that popup blocking him from installing the wrong one?