• アルケミー船長@lemmy.one
      link
      fedilink
      English
      arrow-up
      13
      ·
      1 year ago

      Molly is only available on Android, as far as differences it is a hardened fork of signal with an encrypted database, what that means in practice is even if someone was actively probing your phone to try to gain access to messages they wouldn’t be able to due to the encryption. It’s very useful if you are an active target or you don’t trust your phone os to play nice. I personally use it myself and really like it but in general it’s not terribly different.

      • What problem does am encrypted database solve? The phone itself is encrypted through a combination of hardware key storage and the user password, so offline storage attacks aren’t relevant.

        If you can access the Signal database, you have root access or something close to it. If you have root access, injecting a simple Frida gadget into a running app is basically three commands away, which will allow you do do any operation as that app, including dumping the secret keys or emailing a copy to someone else.

        Encrypted databases are a useful measure to slow down reverse engineering by a day or two, but they don’t provide any additional security. They do allow for harder to recover database issues to happen, though.

        • アルケミー船長@lemmy.one
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 year ago

          It’s only encrypted in a BFU state, (before first unlock). Police can probe your phone for data using a tool by cellebrite without root. GrapheneOS includes a auto rebooting feature to place it back in a BFU state but other phones will lack this feature. Using Molly’s database lock allows you to not trust the OS itself by encrypting it.

          edit: corrected cellbrite to cellebrite

      • LiveLGNProsper@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        1 year ago

        Yeah I realize it is android only and that makes sense that is exactly what I was looking for surprised signal doesn’t encrypt the database honestly.

        • アルケミー船長@lemmy.one
          link
          fedilink
          English
          arrow-up
          7
          ·
          1 year ago

          The main issue with encrypting the database using Molly’s setup is you’ll miss notifications and calls until you unlock, this might be able to be fixed using a different database encryption setup but as it stands it would be inconvenient for many.

    • Possibly linux@lemmy.zipOP
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      2
      ·
      1 year ago

      It has a completely FOSS version that is available on F-droid. It also implements a pin which signal removed for convenience.

      Its not available for ios

      • LiveLGNProsper@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Yeah I know it’s not on iOS I still love Android so I try to stay up to date on Android as well even not having one. My iPhone is paid for by work so I just don’t complain .

        • Possibly linux@lemmy.zipOP
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          For android Lineage os the best with F-droid as a app store.

          Many will disagree with me but Lineage os has the best support and is updated once a month. None of your privacy ROMs can compete with that

          • LiveLGNProsper@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            1 year ago

            Yeah but Linage OS does not relock the bootloader for extra security so if you lose physical access to your phone it is now vulnerable.

            • Possibly linux@lemmy.zipOP
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              4
              ·
              1 year ago

              True so don’t lose your phone. Its encrypted and you can use third party apps to auto wipe under certain circumstances

              • LiveLGNProsper@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                1 year ago

                True but I work outside and have lost devices before sometimes it is out of are control and we still misplace devices especially when the fall out a pocket I was only pointing out I personally won’t use it for that reason is all I still would rather use Lineage OS over Graphene OS but I don’t think I will because of that one thing. I am looking at buying a used pixel hopefully soon.

              • zwekihoyy@lemmy.ml
                link
                fedilink
                arrow-up
                2
                arrow-down
                1
                ·
                1 year ago

                the more third party apps you have, the higher your attack surface and a decrease in security. I love my mods but this isn’t really a solution and should be an os feature.

                  • zwekihoyy@lemmy.ml
                    link
                    fedilink
                    arrow-up
                    2
                    ·
                    1 year ago

                    what is proprietary about a locked bootloader? the only android fork i can recommend is GrapheneOS. you relock the bootloader on that as well.