• refalo@programming.dev
    link
    fedilink
    arrow-up
    20
    arrow-down
    6
    ·
    edit-2
    4 months ago

    How in the fuck are people actually defending signal for this

    Probably because Android (at least) already uses file-based encryption, and the files stored by apps are not readable by other apps anyways.

    And if people had to type in a password every time they started the app, they just wouldn’t use it.

    • Liz@midwest.social
      link
      fedilink
      English
      arrow-up
      22
      arrow-down
      3
      ·
      4 months ago

      Popular encrypted messaging app Signal is facing criticism over a security issue in its desktop application.

      Emphasis mine.

      • ChapulinColorado@lemmy.world
        link
        fedilink
        arrow-up
        15
        arrow-down
        2
        ·
        4 months ago

        I think the point is the developers might have just migrated the code without adjustments since that is how it was implemented before. Similar to how PC game ports sometimes run like shit since they are a close 1-1 of the original which is not always the most optimized or ideal, but the quickest to output.

        • x1gma@lemmy.world
          link
          fedilink
          arrow-up
          6
          ·
          4 months ago

          Been a few days since using electron, but AFAIK electron can’t be used as a wrapper for android apps, or can it? Or is their android app a web app wrapped into a “native” android app too?

          Also, since this seems to be an issue since 2018, 6 years should be plenty to rewrite using a native secure storage…

    • uis@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      4 months ago

      AFAIK Android encrypts entire fs with one key. And ACL is not encryption.