The link provides interesting reading, but I believe Moxie must have changed his opinion later: I have never had Google Play Store on my phone, but I could install Signal. I am pretty sure I did not install it from any dodgy site. It warned when it got outdated. Not sure how updates work, not using it anymore.
No, he hasn't changed his mind (93 closed issues over 8 years related to F-droid, many asking for F-Droid distribution: https://github.com/signalapp/Signal-Android/issues?q=is%3Ais... ). Signal distributes their own APK from their own site, but still does now allow F-Droid to distribute a version, or for any version built or distributed by anyone other than Signal to connect to the Signal servers. Imagine Jia Tan's build of XZ being the only one allowed, and you get the idea.
His standpoint is unchanged regarding F-Droid, but not regarding distributing APKs themselves. In the linked issue he still argues that having users to enable "allow 3rd party APKs" is such a bad idea, that they will not provide any APKs directly.
Cute how it's labeled "Danger Zone". So official Signal provided install methods include Google Play Store, or enabling third party APKs and downloading directly from Signal. How the second differs from an official Signal provided and signed F-Droid repository in Moxie's mind is anyone's guess.
What Signal _does not_ allow are APKs built by third parties being distributed under the Signal name, or connecting to Signal servers. Which calls into question the build process itself - the very thing exploited in the XZ backdoor. One either trusts Signal to build the software without backdoors, or doesn't use Signal at all. There is no allowed in between.
Which is to say, they don't trust 3rd parties to build the software without backdoors. Can't say I blame them. Allowing for 3rd party clients opens Signal to backdoored clients. I know you think that people would only make 3rd-party clients for good, and not do bad things with that power, and no one would be foolish enough to download Definitely-not-backdoored-Signal-client from hackers.ru, but I'm pretty sure that's exactly what would happen. An APT could exploit a Pegasus-like zero-day in iOS and install a replacement, backdoored client on a victim's device. Not allowing 3rd party clients doesn't totally protect against that, but it goes a long way.
> An APT could exploit a Pegasus-like zero-day in iOS and install a replacement
Nothing about the way Signal currently does things prevents this from happening today.
Disallowing third party builds only serves to reduce eyes on the build tooling, which we've learned is a great place to hide backdoors.
Equating F-Droid with hackers.ru is a distasteful strawman. F-Droid appear to run as transparent and credible a distribution as Debian or Fedora. Credible enough that the Tor project distributes it's privacy-focused software via F-Droid.
I wasn't even thinking of f-droid and I didn't mention them in my comment at all so I'm not sure why you think I'm linking the two when I didn't even mention them.
Signal could do more to be open with the build process, but opening the door to third party clients is opening the door for APTs to release backdoored Signal clients.
F-Droid was mentioned in the very first comment of this thread, and all of the issues linked in github. Seems like you haven't read them, and bringing other parties into the discussion seems like a distraction.
> but opening the door to third party clients is opening the door for APTs to release backdoored Signal clients.
Signal's source code is already public. APTs (or anyone who doesn't care about violating laws) can already produce and disseminate their own builds. There are no technical protections in place to stop them - nor do I know of any which could. The only people who can't currently distribute their own builds are the law abiding good guys trying to build secure software distributions. I'm not sure why you're confused about this, but your assertion that Signal making legal allowances for third party builds adds anything to the capabilities of APTs demonstrates a misunderstanding of what is already available and the (strictly legal) limitations Signal has placed on 3rd parties with regard to distributing independently verifiable builds.
Please take some time to read and understand the github issues, instead of continuing to assert falsehoods or introduce strawmen.
I'm sorry for not doing all of my homework before responding, but what's with you and the word strawman? It it your homework assignment to write that word seven times on the Internet or something? Say it a couple more times, it'll really help get your point across.
Getting Signal from anywhere else other than them opens up the door for someone to sneak in some code. I am not, in any way, insinuating that fdroid would intentionally do such a thing.
