I’ll cut straight to the chase: updating the Signal app annoys me and I’d like to know your best practices.

As far as I know, there are three ways of updating Signal:

  1. From the Play Store. This works quite reliably, yet comes at the cost of trusting and connecting to Google’s servers.
  2. Via the app’s built-in auto-updater that will, after a while, suggest an update through a notification. However, the frequency of these updates is really lackluster and thus unreliable, and there’s no way to trigger an update check manually.
  3. Via the APK on Signal’s website. In order for this to work, you need to have done the initial installation of the app from an APK already. Also, as far as I know, this version will not use GCM / Push notifications, but rather deliver notifications through a web socket, which is a huge drain on battery. Also, you’ll have to constantly check for updates yourself or rely on the (unreliable) self-updating mechanism (see 2).
  4. //Edit a fourth way might be to just update via Obtainium and pulling APKs off their Github. I’m not sure what that does to GCM/Websocket usage, see 3.

Let me know how you do it, and if there’s something I’ve overlooked.

    • makothefrog@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 day ago

      I was hoping to keep my phone fully clear of play services but notifications through FCM are unfortunately integral to the android experience now. I set up my own Molly Socket and unified push, but I sometimes notifications were delayed, and I do really like being able to see the contents and reply to messages from the notification which I don’t think unified push does (or at least molly socket didnt). And it was also the only app I had that supported unified push. I’m really hoping it catches on future. Would love to get rid of play services entirely

    • _Nemo_@lemmy.mlOP
      link
      fedilink
      arrow-up
      10
      ·
      5 days ago

      I’ll reply to you since you first brought it up, but it’s a question to anyone here recommending Molly: what makes you cofident that Molly is secure (i.e. they’re not fucking up Signal’s cryptography by accident) and maintained by trustworthy people. Signal does get audits from time to time, Molly doesn’t.

      Mind you, I’m not trying to shit all over Molly; Unified Push looks great. I’m trying to approach this with due caution though.

      • Handles@leminal.space
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        6
        ·
        5 days ago

        What makes you confident Signal is secure? It’s a centralised service, so there’s a single point of failure 🤷

        • _Nemo_@lemmy.mlOP
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          4 days ago

          Ignore the downvotes. That’s a fair question to ask, but one that does have answers. Signal is FOSS, has E2EE and was audited several times, so we know that

          • it did not contain any backdoors at the time of the audit
          • it will not for the foreseeable future (they’d be visible in the client code)
          • I need not trust the server code since messages are E2EE

          Thus, while mistakes do happen and can open up severe vulnerabilities, cf. Heartbleed, there’s reason to assume that Signal is relatively secure. Signal’s centralisation of server infrastructure is a valid concern, but not for security, but rather for

          • privacy (they might capture metadata, although it appears they don’t; nation-state actors trying to subpoena user data have so far only gotten “date of registration” and “last online”, which appears to be all they’re storing; that’s as close to “zero knowledge” as you get)
          • availability (as the recent AWS outage has shown, which took out Signal as well)
    • rnercle@sh.itjust.works
      link
      fedilink
      arrow-up
      5
      ·
      5 days ago

      at some point Molly started customising Signal’s appearance or rather imposing a coloured theme. Some of us wrote back and we were ignored.

      I went back to Signal with black backgrounds.