Hackers are using a fake Android app named 'SafeChat' to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones.
The Android spyware is suspected to be a variant of "Coverlm," which steals data from communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.
I suspect fear mongering as it likely DOES take screenshots and since it has the device infected, it grabs the time/position and other intelligence it can grab. I don’t believe for a second they actually hacked the Signal app itself.
SMS was supported back when I was on android, roughly a year ago, since it handled all of my texting (signal or standard) but it was already broken up in iOS at that point, and they were dropping support for SMS on android (announced October 2022).
There is no system permission I'm aware of that will give other applications access to Signal which is an app made to be secure with at least a PIN code for accessing it.
And give it accessibility permission, which comes with a big fat warning. Basically you need to tell Android "yes, install and run this random app I don't really need, and give it access to all my info".
Probably why Google went from SafetyNet to Play Integrity. Maybe we should also start distrusting "integrity" as well, given how they're trying to push the Web Integrity crap.
The malware is running on the user's phone. There it has access to all of the data, including message contents. Doesn't matter how secure the server and message encryption are.
Signal's servers were not comprimised. And like you said that would only give them a minimal dataset.
Thats why we should use P2P decentralized network for messaging tool.....
So your data won't be store in a central sever, and no one can have access or visibility with your chats history or data.
Recommendation:
Session: P2P, E2EE, ChatRoom, DMs
WireMin: P2P, E2EE, ChatSpace, DMs, FeedSpace
Both of them are decentralized network, I preferred WireMin,
because compare to Session, it has FeedSpace for blog post.
They are way less than Android and Apple revokes the app certificate so even the download ones stop to work.
Also the rare cases this happened in iOS the number of affected users were way small
This is a bad whatabotism since the scale is completely different and I really fear side loading. Specially because some developers will force users to get stuff outside the App Store putting everyone in risk.
That's why you never just download and install random shit from the Internet. You gotta know and trust your source. I sidelaod all the time. Never had an issue, I just don't grab random shit from random sites.
A user has to click a lot of buttons to make this work, android security is doing its job. If there's any failing on android security's part, it's consolidating permissions into accessibility services instead of breaking them out into something a user might get scared to click.
Then again, they did click accessibility services on a "secure messaging" app. They need to learn somehow. I just refuse to accept that the appropriate solution is not owning things you buy. There has to be a better way.
I always chuckled at my Android friends having to run AV software on their phones, but then we got Pegasus and it got harder to be smug… then the shenanigans from “legitimate” devs like Über and Tencent. It doesn’t seem like blindly trusting Apple was a great idea anymore.
It never was. Read Apple's true privacy agreement on their website. It's the one you agree to but don't read when you boot up your shiny new mac or iphone for the first time. They are no different from Microsoft or Google, they are just the best at cultivating an image.
They are way less than Android and Apple revokes the app certificate so even the downloaded ones stop to work.
Also the rare cases this happened in iOS the number of affected users were way small
This is a bad whatabotism since the scale is completely different and I really fear side loading. Specially because some developers will force users to get stuff outside the App Store putting everyone in risk.