My signal app a week ago had 2 seperate, a few days apart, app updates from the app itself. Asking to check install from unknown sources to be checked inside the settings. Giving prompts from the notification drop down. Such as app update available. Click it, asked for setting to be checked, I checked it, it said it updated, all seems well and fine.
But doing this outside of both stores which usually update the app from say F droid or Aurora. I’ve never seen this happen ever. It wasn’t a user confirmation. It was a total app update.
Seems odd that the signal app itself asked to update itself from a notification from the drop down menu. How can I make sure it has not been compromised? Anyone else experienced something of the sort?
Android phone. Pixel. Gos.
This sounds like the answer. The app updates from guardian repo. I will change the update path. Say the app had well something malicious injected would a new update flush the old app and in with the brand new?
Im not really sure about the update part but Moxie himself is hesitant to release it outside of play store and signal website. Even GOS dev isnt really a fan of fdroid from what i read at GOS forum.
It really depends on youe threat model. What im trying to say is, if youre really want to make sure. Download from signal website and let the app update it self next time. No middle man.