On Mon, Feb 22, 2016 at 2:38 PM, Nick Badger <[email protected]> wrote:
> Can anyone confirm that this is, in fact, the app's behavior, and that > it's not using the push server to call a local display or something? I'm > not hugely familiar with mobile deployment, and I've never used the push > servers. I know you could register a service on the phone, but I don't know > if the notification could tie into it. Regardless, it strikes me as odd > that a team as capable as Open Whisper would put such a large > not-end-to-end hole in an app whose explicit purpose (for many) is > end-to-end security. > I'm like 99% sure this is the case (as an early Signal user) When I first started using Signal, the push notifications always said "New Message" The messages are sent encrypted over push notifications. Repeat: (since I already posted this message and apparently people ignored me the first time) The messages are sent encrypted over push notifications. As far as I know, if the local user of the phone has their settings configured to do so, the encrypted push notifications are decrypted *locally* on the phone *before* display. Also in general as best as I have followed Signal development, the developers (primarily Frederic Jacobs) are extremely aware of these issues and doing a better job addressing them than any other iOS app available today. Also Signal is open source, so if you're really curious, read the source code yourself: https://github.com/WhisperSystems/Signal-iOS -- Tony Arcieri
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
