Originally I’ve download the signal app through playstore, but often it also get updates from Droid-ify(Fdroid client). Today its weird and I got this . Explain to me this.

On the Droid-ify the signal app is provided by: org.thoughtcrimes.securesms

  • @nottheengineer@feddit.de
    link
    fedilink
    4
    edit-2
    1 year ago

    The package name is correct, but signal was never on F-droid.

    Do you have a third party repo that might be compromised?

    Edit: Package name isn’t correct, so that’s almost definitely a compromised version. Get rid of it ASAP.

    • @miss_brainfart@lemmy.ml
      link
      fedilink
      21 year ago

      To add to that:

      Always check the projects’ website to see the official ways it’s distributed, before you just download it from anywhere.

        • @miss_brainfart@lemmy.ml
          link
          fedilink
          11 year ago

          Not a fan of that either, that really is unfortunate. But with a bit of common sense, a person should then ask about that, if the Play Store is not an option. It’s still not a reason to download it from a source you haven’t verified to be official

          • @Pantherina@feddit.de
            link
            fedilink
            11 year ago

            No thats absolutely a reason. Signal is 100% to blame that they have no fully FOSS code repository that could then simply be compiled by FDroid and shipped there.

            Instead I have to rely on some Dude I know nothing about, Twinhelix could just as well spread Malware. But I like my updates through FDroid, I like a blob Free Signal

            • @miss_brainfart@lemmy.ml
              link
              fedilink
              11 year ago

              Call it blame, but that decision is fully within their right, and what Twinhelix does technically violates F-Droids’ guidelines. If a creator doesn’t want their app on there, F-Droid calls to respect that.

              The official Signal apk updates itself, so that’s not even an issue.

              If your unoffical build from a third-party gives you issues one day, you are fully responsible for that.

              • @Pantherina@feddit.de
                link
                fedilink
                11 year ago

                Huh? They could just as well provide a blobfree APK themselves. They have their Google Play crap already, everyone not using that will probably also have a googlefree OS.

                They have a FOSS client and provide no FOSS binaries, which is totally their right. I heard their Desktop clients are not reproducible though, maybe because of Electron?

    • Otter
      link
      fedilink
      1
      edit-2
      1 year ago

      org.thoughtcrimes.securesms

      It actually might not be, googling "org.thoughtcrimes.securesms" doesn’t get results.

      thoughtcrimes vs. thoughtcrime


      My question though is how this popped up in droidify, would someone need to manually add some special repo?

      • @nottheengineer@feddit.de
        link
        fedilink
        21 year ago

        I missed that, thanks for pointing it out. The one without S is the correct one.

        But that makes me wonder, how did OP not end up with two signal apps then?

        • Cegorach
          link
          fedilink
          11 year ago

          how did OP not end up with two signal apps then?

          by that popup blocking him from installing the wrong one?

            • Amju Wolf
              link
              fedilink
              11 year ago

              Technically it’s from “Google Play Protect” that got triggered during the install but yeah.

  • @Skimmer@lemmy.zip
    link
    fedilink
    3
    edit-2
    1 year ago

    Google is actually right here for once. Signal is not offered on F-Droid, and its package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms.

    Only official places to download Signal are through the Google Play Store or their website (which self-updates).

  • @0x2d@lemmy.ml
    link
    fedilink
    2
    edit-2
    1 year ago

    It’s a fake copy of Signal

    The actual package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms

    Also Google officially recommends Signal on the Android website last I checked, so I don’t see why Play Protect would flag it as malware

    edit: attach screenshot of package name

    edit 2: fix typo in package name (accidentally typed thoughcrime)

  • @kworpy@lemm.ee
    link
    fedilink
    English
    1
    edit-2
    11 months ago

    “This app tries to spy on your personal data”

    Needless to say Google hates competition

  • @AnokLola@lemm.ee
    link
    fedilink
    11 year ago

    I recommend checking the official website or the Play Store to ensure that you are downloading the latest and official version of the app.

  • bbbhltz
    link
    fedilink
    11 year ago

    Yes. I had it too!

    And I download directly from the website and it aelf-updates. Nothing but an annoyance.

    On the Droid-ify the signal app is provided by: org.thoughtcrimes.securesms

    That’s Signal.

    • Extras
      link
      fedilink
      11 year ago

      “Thoughtcrime” shouldnt be plural at least its not on my version and for other posters on this thread

    • Cegorach
      link
      fedilink
      21 year ago

      In most cases I’d be the first to support your idea.

      but here it actually blocked malware?

      • @Blizzard@lemmy.zip
        link
        fedilink
        11 year ago

        Didn’t notice the “droid-ify” part, whatever that is. Install apps from trusted sources like F-Droid or dev’s website and you don’t need Google to scan your phone and tell you what you can or cannot install.

          • PropaGandalf
            link
            fedilink
            2
            edit-2
            1 year ago

            I really like droid-ify. Its a nice, good-looking alternative to fdroid. Also I’d advice to use molly foss instead of the original signal app.

              • Lemongrab
                link
                fedilink
                11 year ago

                Here what I replied to someone else:

                Fully foss dependencies, degoogled (doesnt require Google Play services), and further hardening to the app. And you can still keep your signal contacts since it is just a fork. Available through Accressant, fdroid, and github.

          • newIdentity
            link
            fedilink
            1
            edit-2
            1 year ago

            Actually, it uses more repos

            Signal isn’t in the official Fdroid repos

        • Nia [she/her]
          link
          fedilink
          1
          edit-2
          1 year ago

          Droid-ify is an F-droid frontend, that is also in F-droids repo as an installable app so it’s safe, in this case one of the F-droid repos OP has is actually malicious and is installing a modified version of Signal, the package name is wrong org.thoughtcrimes.securesms, it should be thoughtcrime without the S.

          I think Play Protect is intrusive, but this time it actually tried to protect OP from a malicious Signal clone.

        • Droid-ify is an f-droid client, it’s on f-droid too.

          The question is, what repo did that apk come from. But I have a feeling OP will not bother with checking it

  • ThePancakeExperiment
    link
    fedilink
    11 year ago

    Got something similar yesterday, but for KDE-Connect from F-Droid. Downloaded the Play Store version instead.

    • newIdentity
      link
      fedilink
      11 year ago

      Either it got compromised or Google is warning you because it has a different signature than the Google play version