Signal and Matrix can be pressured with a rubber hose if there’s enough desire. And I imagine bureaucratic equivalents exits for iMessage and WhatsApp. But the CCP can offer genuine protection to WeChat executives.
Signal and Matrix can be pressured with a rubber hose if there’s enough desire. And I imagine bureaucratic equivalents exits for iMessage and WhatsApp. But the CCP can offer genuine protection to WeChat executives.
That is not how cryptography works.
If you use proper end-to-end encryption (e.g. the Signal protocol), and assuming that you use it properly, then the server does not have access to the content of the encrypted messages. So the server cannot be pressured, period. So the Signal protocol is strictly better than a protocol that is audited and found wanting (TFA talking about the WeChat protocol here).
Not even talking about server side, things are just grim there.
Now of course I personally don't check the app shipped to me from the Google Play Store, but at least I could!
It's not that I disagree with your point at all. There are still many places for world powers to compel companies to spy on users (in both hardware and software). Just want to call out that Signal is doing pretty much the best they can.
This is actually a big problem with all the web-based stuff where you re-download your client everytime you use it.
Now for an open source mobile app, you can actually compile it from source without having to disassemble. But of course it's not practical to audit it yourself. However, if the same binary is distributed to millions of people, you only need one of them to see the exploit.
If Signal updated the app to send the key, it would do it for millions of people through the Play Store. That's risky. Unless Signal convinced Google to send a specific binary to a specific user of course, but that's harder.