I recently tried to install Skred Messenger (P2P), but it crashes when launched.
I very much like this comment to the article you linked to, @stanzi
Especially the part at the end is funny:
Even then, lack of encryption is not reason enough to stop using it altogether. If it was, I look forward to your article calling out everyone to stop using Email altogether.
I like Telegram because, like other comments to that article note, if you want to know the new features of Whatsapp, use Telegram. Also, their privacy policy reads a lot less creepy (in comparison to Whatsappās).
Yes, but the thing is that email isnāt a centralised āthingā, while Telegram is. They have full access to everything they want, in comparison to that you can chose to only email someone if he doesnāt use Gmail for example.
But I do also see a problem with Signal and software freedom (I discussed about several issues such as G00gle dependencies, the removal of a passphrase lock in exchange for pattern/fingerprint (which is the same that you already use to unlock your device, so it doesnāt make any sense) and why Moxie keeps insisting on not releasing Signal on F-Droid on the Signal forum a couple of years ago).
Every messaging service has itās pros and cons:
- Telegram has bad encryption
- WhatsApp has bad privacy
- Signal has made some bad decisions with G00gle dependencies and federalisation
- XMPP messengers are often outdated, lack of essential functions and are not centralised enough, meaning that they can be incompatible to each other (different encryption and featureset and so on)
At the end, itās up to everyone to decide which app suits oneās needs best. For me itās Signal, although itās far from perfect, for someone else it can be something else.
This probably sounds cheesy, but in fact, itās not the app that should be important, but the people who you are communicating with.
Since the people are important to me I donāt force my nerdy messengers on them (anymore ) and talk to them via Whatsapp.
Iām surprised no-one mentioned f-droid. You wonāt find proprietary apps of course, and it can clash with Yalp store if you use it, but itās a start.
About WhatsApp the texts are E2E ecrypted so itās not really a problem ā only your screen name and number are shared (but maybe itās already too much for you to be confortable with).
As for the banking appsā¦ Yalp would be your goto, I guess
No and no. I have it running without Google Services just fine and it offers me updates on itās own.
Nope. WhatsApp E2EE is broken, stop sponsoring it as secure, theyāve tricked all of us. Right from their FAQ:
Important notes about Google Drive:
[ā¦]
Media and messages you back up arenāt protected by WhatsApp end-to-end encryption while in Google Drive.
Backup to Google Drive is enabled by default on Android. You may disable it, but youāre sold when it comes to convincing any other peer in the network to do so.
I disagree (but not deeply) with @Stanzi above. Iām using WhatsApp1 because I can workaround privacy issues with other technological options, but fixing life is difficult (damned network effect!). We are trapped. To be coherent when choosing WhatsApp, be cautious with what you share, talk about it, educate people when they share IDs, kidās photos or other dangerous personal bit of information. Let people be aware, thatās the only way to overcome this shitty era of abuse and anti-humanism.
Returning to the OP question: probably not. You can use Yalp Store to download apps, but the problem doesnāt reside in the method to download, but within the payload itself. What most people donāt know is Android is not just an OS: itās a platform. Itās processes are regulated by Gobble. Gobble dictates what to use with their āDeveloper documentationā, which leads to most developers including bits of Gobble-developed, home-calling software (they are called libraries) inside each and every app in the ecosystem (not exclusively, bits of Facebook and other third party surveillance-capitalists are shipped too). Developers canāt easily avoid using them, really, if they want to be competitive. Itās a new form of banality of evil, but in the 21th century and massive.
Of course, there are those other developers who care, and F-Droid and a whole lot more of pretty beautiful, human-caring stuff. Give them a shot.
1. My main messaging platform is Signal. It has its own problems (itās another centralized network, doesnāt really like libre software, server software is not open source and you still need to trust them in some way), but itās probably the best around for regular peeps (Briar is brilliant, but itās not for everyone (yet?)). Iām not saying donāt ask people to migrate; Iām saying forcing them is impractical, and, in the long term, futile.
I would have written almost exactly the same as Stanzi!
(especially the part about telegram! ā you should not use it (ha! ā if you care about privacy, that is! ))
Maybe this can be a motivation: I just had a look at my contacts; there are some 80 people in there and I can reach more than half of them via Signal! I found that if you either properly explain the issues with Whatsapp and Telegram to them, or (b/c still, many will continue using those two ) just kindly ask them to contact you via Signal, they will. Donāt patronize, just let them know the reason why YOU will not be using those apps.
(I also agree about the issues with Signal, but at least they removed the dependency on GCM and provide the apk nowadays ā I think itās now the best compromise between privacy and ease of use that is out there. (And if you like buzz words: Edward Snowden recommends it ā huhh! ) Of course something XMPP-based would be even better, but good luck convincing your contacts of going āthat complicatedā (personal verification per contact, ā¦)
thereās a few that I canāt go without, such as WhatsApp and my banking apps
Out of curiosity, why do you need banking on your phone? The only scenario I could naively think of would be some time-critical stock-trading(?)
I guess you need to make a decision between your privacy needs and your flexibility regarding certain tasks you (used to) do with specific apps
Yes, I forgot, texts arenāt encrypted when in your Drive. I disabled it and never thought about it since. But once you disable backup, do you have any issue @Roboe ?
Thatās a fair point.
Also agree, though from this thread I think Iāll give Signal a go.
Interesting. I just downloaded the ProtonMail app (from a site called APKmirror, couldnāt find it on Yalp) and it said that āThis app needs Google Play Services to run, which arenāt installed on your phone.ā Too things come to mind:
- it does appear to work despite the warning message
- ProtonMail is an opensource app developed by people at CERN (supposedly), so I donāt get how or why it uses Google Play Services.
While I could live without banking apps (and I have in the past), they make my life significantly more convenient. For example, to pay for things online in Belgium you need Bancontact which you use through the banking app, or when I lost my card I needed the app, otherwise I would have had to go to a branch to get a new pin.
Threema works nice as well. Their shop is here:
https://shop.threema.ch/
(I copied my threema apk from my old phone, so I did not use the shop yet.)
GrĆ¼Će von nobi
Itās not enough, sadly. You cannot disable all your contacts backups. So Gobble has your text/media/voice and chats even when you explicitly donāt want them to. You can convince some random people to follow you; try to convince a group chat to do thatā¦ Itās broken.
Thatās Gobble code (i.e. bundled libraries in the app) talking on behalf of ProtonMail.
Not integral open source. ProtonMail app includes closed-source libraries from Gobble to use Android platform commoditized features (most probably push notifications through Firebase Cloud Messaging). Youāll probably miss messages without Gobble services (and will get tired of discarding the message above each time you open the app).
Gobble doesnāt want apps to fetch new content in the background on their own, so they have engineered Android in a way that it forces developers to use their proprietary push messaging system or let them humilliate themselves telling each of their users to disable a battery-saving feature of Android to be able to fetch new content. Itās machiavellist.
-
Install /e/, they have ported their privacy focussed Android port to FP2
-
Install your apps from their app-store
Following options are valid for any Android alike OS: -
Install your apps from F-Droid or Yalp
-
Install Netguard, block all connections of apps which donāt need any connectivity and put together your own host file blocking all trackers and adware/malware URLs
-
use Signal
-
Use Firefox Focus for tracker free browsing and K9 for mail
By only following these small steps, you cut almost all leaks and you donāt loose any convenience.
/e/ app-store is afaik not yet available.
@Gobs have your original questions been answered sufficiently?
If so Iās suggest we close this topic and continue the derived conversation at Living without Google 2.0 - A Google free FP2 as it turned into a general discussion about the G%Ā§$e-free lifestyle and this topic title doesnāt cover that.
PS: I moved the whole discussion as it all fits here.
Last year, a Portuguese company won a court case against Google, allowing it, āAptoideā, to provide apps free. I now use Aptoide on my Freephone OpenOS. https://uk.reuters.com/article/us-google-antitrust-aptoide/aptoide-wins-court-battle-against-google-in-landmark-case-idUKKCN1MW2CL
Very interesting discussion here. So I have a question: do apps like signal or threema store the messages encripted on the phone? I they would, also the gobble drive backup on your contacts phones would not be of use to gobble, right?
And if we are already discussing different Messengers: does anyone know about the safety of the app called wire? I do really like the app and they also say that its open source but I dont know enough to estimate their privacy friendliness.
What do you think?
Well, Signal once stored them encrypted if you locked the app with a password, but they abandonned this feature about a year ago (Signal is great, but there are some decisions made by Moxie Marlinspike which I donāt understand and in my opinion he has a little too much power over the whole thingā¦).
I know Wire, but Iāve never used it since I thought it wasnāt open source, which it apparently is, so Iām going to look into it. (I donāt know anything about cryptography, but Iām trying to get serious articles about Wire (essentially almost everything thatās not "THIS ist the best MESSENGER and why YOU should SWITCH TO IT NOW!))
Can you give a source for this? I thought they were still doing this,
I donāt know about Threema. Itās closed source, so it wasnāt never an option for me.
Great thing you bring here, in fact. Thereās a switch for app developers to disable the Gobble backup feature when developing their apps (itās true by default! ), and Signal has it disabled.
One can argue ābut Gobble services have root access, so they can backup it anyway!ā. Thatās not true. Gobble services are privileged apps with excessive privileges, but they donāt have root permissions (in the Unix sense). You can read more about the Android security architecture in the Android Security Internals book.
Itās open source, uses the Signal protocol and I read Snowden sometime qualify it as āgreat but sightly less well-thought than Signalā on Twitter (canāt find the tweet ATM, sorry). But, even being open source, it relies on Gobbleās libraries (at least for push notifications and maps), and even when there was once a 100 $ bounty to make a libre build flavour for its inclusion in F-Droid, noone achieved it, :(. I donāt really have a strong opinion on Wire, though, but I donāt have a major selling point for it over Signal neither. Still a walled garden not completely libre.
Talking about alternatives, Briar seems like the best available (libre, reproducible & already on F-Droid; P2P fully decentralized; anonymized metadata through Tor; it doesnāt even need an Internet connection), but the fact that itās targeted at activist on dangerous areas and thus contacts need to be added manually to ensure trust, doesnāt make it easy for regular people. Although a remote contact adding feature is in the works.