They could force them to add a backdoor in the Element build uploaded to the app... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jeltz on Oct 16, 2024 \| parent \| context \| favorite \| on: Should We Chat, Too? Security Analysis of WeChat's... They could force them to add a backdoor in the Element build uploaded to the app store so they can use that backdoor to attack specific users. This is why we need reproducible builds and code which automatically check for discrepancies.

osamagirl69 on Oct 17, 2024 [–]

FWIW, the current version of element (X) is published as a reproducible build on f-droid. https://f-droid.org/en/packages/io.element.android.x/

zxilly on Oct 17, 2024 | [–]

The attack on xz illustrates that even if the code is open source and the build is reproducible, well-designed attacks can still be executed.

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact