> Does Pegasus help governments read messages from Telegram? Signal?
Yes. It attempts privilege escalation and exfiltrates whatever message contents it can from multiple apps. Signal has some potential resistance to that since messages are encrypted in transit and at rest. The easiest weak link would be displaying message content in notifications, which is optional in Signal.
Interesting, thanks. I guess I'll carry on feeling marginally superior for choosing Signal over the others as my default, while remaining bleak about the overall landscape.
Photoshop does that voluntarily; it's not required to by law. GIMP doesn't do it.
This is akin to trying to require all image editors to detect currency and refuse to process images of it. Making open source image processing software would probably have to be illegal because end users could trivially modify it to illegally process currency, or having general-purpose computers that can run software the government hasn't approved would need to be banned.
I don't like this. The Right Thing is for camera apps to not add location metadata by default.
If you go in and turn location on (which should have a warning on it), then you're the sort of person who changes defaults, a more sophisticated user than the majority of the population who is able to take responsibility for the consequences. Yes, I can imagine a scenario where someone ends up with this setting turned on through no fault of their own, but it shouldn't be the role of an OS vendor to prevent every possible mistake.
The default camera app has this off by default. Most of the ones I've tried do.
But do you remember every options you've randomly toggled over the years? It's pretty easy to see how someone would flip on geotagging, forget about it, then be shocked a few months later when they discover all their photos are leaking their location.
It looks like you can't revoke the internet permission, but you can use the firewall via ADB. Settings are lost on reboot, but you can use an automation with Tasker or similar to set them on boot:
It doesn't. The API for displaying a notification is purely local.
Receiving a ping from Firebase Cloud Messaging triggers the app to whatever it does in order to display its notification. In the case of Signal, that probably means something like fetching the user's latest messages from the server, then deciding what to show in the notification based on the user's settings, metadata, and message content.
Sorry I should clarify, by "it" I meant any sort of ping must go through Firebase Cloud Messaging, not that the message content itself goes through Firebase.
Looks like there is a way to bypass Firebase by using something like UnifiedPush which runs a perpetual background process that acts similar to Google Play Services to pick up notifications from the server and calls the local notification API.
It's theoretically possible to just keep an app running in the background all the time and periodically poll a server.
That's unreliable though since some OEM Android builds will kill it for that even if the user disables battery optimizations. Those OEMs sort of have a point; if lots of apps did that it would drain the battery fast.
Not clear what your point is. The Signal server wakes up the app via an empty message. At most the info this conveys is that a Signal app got a message to pull.
My point is there is no reasonable way to remove oneself from Google and Apple even with a fully custom application, they control the notification servers for their devices.
This assumes a high level of technical skill and effort on the part of the stalkerware author, and ignores the unlocked bootloader scare screen most devices display.
If someone brought me a device they suspected was compromised and it had an unlocked bootloader and they didn't know what an unlocked bootloader, custom ROM, or root was, I'd assume a high probability the OS is malicious.
A computer that can run arbitrary programs can necessarily run malicious ones. Useful operations are often dangerous, and a completely safe computer isn't very useful.
Some sandboxing and a little friction to reduce mistakes is usually wise, but a general-purpose computer that can't be broken through sufficiently determined misuse by its owner is broken as designed.
Open source helps, but if you didn't build it yourself, you'll need to trust whoever did. F-Droid reproducible builds help in that you only need to trust either F-Droid or the developer, not both.
The browser tends to be safer because it has a stronger sandbox than native apps on a mobile OS. It's meant to be able to run potentially malicious code with a very limited blast radius.
That, but with a little more ceremony. It gets treated as a separate app by mobile OS app switchers and doesn't show the browser's chrome or other open tabs.
Yes. It attempts privilege escalation and exfiltrates whatever message contents it can from multiple apps. Signal has some potential resistance to that since messages are encrypted in transit and at rest. The easiest weak link would be displaying message content in notifications, which is optional in Signal.
https://en.wikipedia.org/wiki/Pegasus_(spyware)
reply