←back to thread

Signal Secure Backups

(signal.org)
988 points keyboardJones | 9 comments | 08 Sep 25 16:43 UTC | HN request time: 0.001s | source | bottom
Show context
poisonborz ◴[08 Sep 25 17:34 UTC] No.45171210[source]
Backing up Signal on Android for free and offline was ~always possible. The app creates a multi GB backup file on the phone memory under the Signal folder that you can just copy out and back on a new phone.

The file is encrypted with the passcode and the database can be extracted.

https://github.com/bepaald/signalbackup-tools

replies(5): >>45171340 #>>45171393 #>>45172937 #>>45174136 #>>45177800 #
Sesse__ ◴[08 Sep 25 17:46 UTC] No.45171393[source]
There are a couple of problems with the existing backup:

1. It is non-incremental. This means you'll need about as much free space on your phone as your Signal database takes, and it may take many hours to make if your database is large (mine is 18GB). I used to wake up to find my phone had not even fully charged because it had been so busy writing Signal backups.

2. Once you have it on disk, how do you get it away from your phone? Especially after SyncThing disappeared from Play Store (because it was basically a non-Android app behind a thin Android shell that couldn't easily be upgraded to more modern native APIs), there's nothing super-obvious here.

I would have loved a better solution for local backups, but realistically, $2/month for cloud backup is really cheap, and a pragmatic solution.

replies(16): >>45171546 #>>45171627 #>>45171645 #>>45171650 #>>45171711 #>>45171840 #>>45171861 #>>45171920 #>>45172101 #>>45172536 #>>45172673 #>>45173828 #>>45173976 #>>45174322 #>>45174555 #>>45177466 #
1. dns_snek ◴[08 Sep 25 18:40 UTC] No.45172101[source]
> Especially after SyncThing disappeared from Play Store (because it was basically a non-Android app behind a thin Android shell that couldn't easily be upgraded to more modern native APIs), there's nothing super-obvious here.

That's not what happened, it was Google who started rejecting their updates on Play store. I believe the original Android app maintainer quit after that but there's a fork on on F-droid which works perfectly.

replies(1): >>45172530 #
2. graemep ◴[08 Sep 25 19:11 UTC] No.45172530[source]
fork that will work perfectly until year after next.
replies(2): >>45173099 #>>45178630 #
3. Zambyte ◴[08 Sep 25 19:53 UTC] No.45173099[source]
Why?
replies(1): >>45173363 #
4. cyphar ◴[08 Sep 25 20:15 UTC] No.45173363{3}[source]
Presumably they're referring to Google's plans to roll out developer signing requirements for all apps[1], which will affect F-Droid-installed apps.

[1]: https://news.ycombinator.com/item?id=45017028

replies(2): >>45173771 #>>45177917 #
5. Sanzig ◴[08 Sep 25 20:47 UTC] No.45173771{4}[source]
Assuming that the developer of Syncthing-Fork doesn't mind providing ID to Google, they shouldn't have an issue getting a signing key (we will see how this works in practice). They aren't doing anything objectionable to Google.

The bigger issue for third party apps will be things like Newpipe, where applying for a key will put the developers in danger of a lawsuit because it affects Google's business.

(The APK signing requirement is a fiasco, I'm not defending Google. Just pointing out that this app will probably not be as seriously impacted as others).

6. sunaookami ◴[09 Sep 25 05:52 UTC] No.45177917{4}[source]
FWIW, adb install will continue to work: https://www.notebookcheck.net/Android-s-app-sideloading-bloc...
7. npoc ◴[09 Sep 25 07:25 UTC] No.45178630[source]
Not if you run the GrapheneOS variant of Android.
replies(1): >>45179246 #
8. graemep ◴[09 Sep 25 08:39 UTC] No.45179246{3}[source]
I would love to but my banking apps only work on Google Android.
replies(1): >>45199201 #
9. npoc ◴[10 Sep 25 15:32 UTC] No.45199201{4}[source]
Unlucky. All three of mine work on GrapheneOS

https://privsec.dev/posts/android/banking-applications-compa...