Skip Navigation
Why is Simplex calling to Google?

  • I hope @epoberezkin@lemmy.ml will dispel our doubts or a member of the Simplex.chat team :(

    •
    Why is Simplex calling to Google?

  • It's not about whether the application communicates with these addresses or not. It's about the fundamental question: why are these addresses even encoded in the code of a VERY privacy-sensitive application?

    My friend, in every answer you push F-Droid as a cure for all evil. There is no perfect store, F-Droid also has its problems (I wrote about it above). I am not an enemy of F-Droid (I also use it sometimes), but I will repeat: F-Droid control is insufficient (it's security theater - it's not a full audit of the source code).

    •
    Why is Simplex calling to Google?

  • When installing from Github you only trust the developer and their signed certificate key.

    When installing from F-Droid you additionally also have to trust the F-Droid developer's signature.

    Besides that F-droid has its own problems:

    https://privsec.dev/posts/android/f-droid-security-issues/

    I don't use F-Droid. I use Obtainium and additionally check signatures in AppVerifier.

    https://sideofburritos.com/blog/obtainium-overview/

    •
    Why is Simplex calling to Google?
    • SimpleX Chat @lemmy.ml IronJumbo68 @lemmy.world
    Why is Simplex calling to Google?

    Hi

    I may be wrong, but can someone help me interpret the results of this analysis correctly?

    https://www.hybrid-analysis.com/sample/0a0238f85b8a559e8ab54f67920004db3a67a39bdbdbfa00075fd7d27e41dec4/672423b56b46e4feb006681d

    See the Network Related section: Why does Simplex.apk have a hardcoded communication with

    issuetracker.google.com

    android.googlesource.com

    developers.google.com

    An app that is advertised as the most privacy-friendly?

    All other indicators can (probably) be considered false positives (for example, the Camera permission, which is needed for video calls)

    15
    Proton @lemmy.world IronJumbo68 @lemmy.world
    New vulnerabilities in VPNs
    citizenlab.ca Vulnerabilities in VPNs: Paper presented at the Privacy Enhancing Technologies Symposium 2024 - The Citizen Lab

    On July 16, former Citizen Lab Open Technology Fund (OTF) Information Controls Fellowship Program fellow Benjamin Mixon-Baca will be presenting “Attacking

    Vulnerabilities in VPNs: Paper presented at the Privacy Enhancing Technologies Symposium 2024 - The Citizen Lab

    Please clarify if ProtonVPN servers are also affected and what are the corrective actions?

    https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/

    0
    Proton @lemmy.world IronJumbo68 @lemmy.world
    Snooze mail - great feature, broken execution

    Please help me vote: https://protonmail.uservoice.com/forums/284483-proton-mail/suggestions/47562803-snooze-function-also-when-conversation-grouping-is

    0
    InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)IR
    IronJumbo68 @lemmy.world
    Posts 3
    Comments 4