I recently tried to install Skred Messenger (P2P), but it crashes when launched.
I very much like this comment to the article you linked to, @stanzi
Especially the part at the end is funny:
Even then, lack of encryption is not reason enough to stop using it altogether. If it was, I look forward to your article calling out everyone to stop using Email altogether.
I like Telegram because, like other comments to that article note, if you want to know the new features of Whatsapp, use Telegram. Also, their privacy policy reads a lot less creepy (in comparison to Whatsappâs).
Yes, but the thing is that email isnât a centralised âthingâ, while Telegram is. They have full access to everything they want, in comparison to that you can chose to only email someone if he doesnât use Gmail for example.
But I do also see a problem with Signal and software freedom (I discussed about several issues such as G00gle dependencies, the removal of a passphrase lock in exchange for pattern/fingerprint (which is the same that you already use to unlock your device, so it doesnât make any sense) and why Moxie keeps insisting on not releasing Signal on F-Droid on the Signal forum a couple of years ago).
Every messaging service has itâs pros and cons:
- Telegram has bad encryption
- WhatsApp has bad privacy
- Signal has made some bad decisions with G00gle dependencies and federalisation
- XMPP messengers are often outdated, lack of essential functions and are not centralised enough, meaning that they can be incompatible to each other (different encryption and featureset and so on)
At the end, itâs up to everyone to decide which app suits oneâs needs best. For me itâs Signal, although itâs far from perfect, for someone else it can be something else.
This probably sounds cheesy, but in fact, itâs not the app that should be important, but the people who you are communicating with.
Since the people are important to me I donât force my nerdy messengers on them (anymore 
) and talk to them via Whatsapp. 
Iâm surprised no-one mentioned f-droid. You wonât find proprietary apps of course, and it can clash with Yalp store if you use it, but itâs a start.
About WhatsApp the texts are E2E ecrypted so itâs not really a problem â only your screen name and number are shared (but maybe itâs already too much for you to be confortable with).
As for the banking apps⌠Yalp would be your goto, I guess
No and no. I have it running without Google Services just fine and it offers me updates on itâs own.
Nope. WhatsApp E2EE is broken, stop sponsoring it as secure, theyâve tricked all of us. Right from their FAQ:
Important notes about Google Drive:
[âŚ]
Media and messages you back up arenât protected by WhatsApp end-to-end encryption while in Google Drive.
Backup to Google Drive is enabled by default on Android. You may disable it, but youâre sold when it comes to convincing any other peer in the network to do so.
I disagree (but not deeply) with @Stanzi above. Iâm using WhatsApp1 because I can workaround privacy issues with other technological options, but fixing life is difficult (damned network effect!). We are trapped. To be coherent when choosing WhatsApp, be cautious with what you share, talk about it, educate people when they share IDs, kidâs photos or other dangerous personal bit of information. Let people be aware, thatâs the only way to overcome this shitty era of abuse and anti-humanism.
Returning to the OP question: probably not. You can use Yalp Store to download apps, but the problem doesnât reside in the method to download, but within the payload itself. What most people donât know is Android is not just an OS: itâs a platform. Itâs processes are regulated by Gobble. Gobble dictates what to use with their âDeveloper documentationâ, which leads to most developers including bits of Gobble-developed, home-calling software (they are called libraries) inside each and every app in the ecosystem (not exclusively, bits of Facebook and other third party surveillance-capitalists are shipped too). Developers canât easily avoid using them, really, if they want to be competitive. Itâs a new form of banality of evil, but in the 21th century and massive.
Of course, there are those other developers who care, and F-Droid and a whole lot more of pretty beautiful, human-caring stuff. Give them a shot.
1. My main messaging platform is Signal. It has its own problems (itâs another centralized network, doesnât really like libre software, server software is not open source and you still need to trust them in some way), but itâs probably the best around for regular peeps (Briar is brilliant, but itâs not for everyone (yet?)). Iâm not saying donât ask people to migrate; Iâm saying forcing them is impractical, and, in the long term, futile.
I would have written almost exactly the same as Stanzi! 
(especially the part about telegram! â you should not use it (ha! â if you care about privacy, that is! 
))
Maybe this can be a motivation: I just had a look at my contacts; there are some 80 people in there and I can reach more than half of them via Signal! I found that if you either properly explain the issues with Whatsapp and Telegram to them, or (b/c still, many will continue using those two 
) just kindly ask them to contact you via Signal, they will. Donât patronize, just let them know the reason why YOU will not be using those apps.
(I also agree about the issues with Signal, but at least they removed the dependency on GCM and provide the apk nowadays â I think itâs now the best compromise between privacy and ease of use that is out there. (And if you like buzz words: Edward Snowden recommends it â huhh! ) Of course something XMPP-based would be even better, but good luck convincing your contacts of going âthat complicatedâ (personal verification per contact, âŚ)
thereâs a few that I canât go without, such as WhatsApp and my banking apps
Out of curiosity, why do you need banking on your phone? The only scenario I could naively think of would be some time-critical stock-trading(?)
I guess you need to make a decision between your privacy needs and your flexibility regarding certain tasks you (used to) do with specific apps
Yes, I forgot, texts arenât encrypted when in your Drive. I disabled it and never thought about it since. But once you disable backup, do you have any issue @Roboe ?
Thatâs a fair point.
Also agree, though from this thread I think Iâll give Signal a go.
Interesting. I just downloaded the ProtonMail app (from a site called APKmirror, couldnât find it on Yalp) and it said that âThis app needs Google Play Services to run, which arenât installed on your phone.â Too things come to mind:
- it does appear to work despite the warning message
- ProtonMail is an opensource app developed by people at CERN (supposedly), so I donât get how or why it uses Google Play Services.
While I could live without banking apps (and I have in the past), they make my life significantly more convenient. For example, to pay for things online in Belgium you need Bancontact which you use through the banking app, or when I lost my card I needed the app, otherwise I would have had to go to a branch to get a new pin.
Threema works nice as well. Their shop is here:
https://shop.threema.ch/
(I copied my threema apk from my old phone, so I did not use the shop yet.)
GrĂźĂe von nobi
Itâs not enough, sadly. You cannot disable all your contacts backups. So Gobble has your text/media/voice and chats even when you explicitly donât want them to. You can convince some random people to follow you; try to convince a group chat to do that⌠Itâs broken.
Thatâs Gobble code (i.e. bundled libraries in the app) talking on behalf of ProtonMail.
Not integral open source. ProtonMail app includes closed-source libraries from Gobble to use Android platform commoditized features (most probably push notifications through Firebase Cloud Messaging). Youâll probably miss messages without Gobble services (and will get tired of discarding the message above each time you open the app).
Gobble doesnât want apps to fetch new content in the background on their own, so they have engineered Android in a way that it forces developers to use their proprietary push messaging system or let them humilliate themselves telling each of their users to disable a battery-saving feature of Android to be able to fetch new content. Itâs machiavellist.
-
Install /e/, they have ported their privacy focussed Android port to FP2
-
Install your apps from their app-store
Following options are valid for any Android alike OS: -
Install your apps from F-Droid or Yalp
-
Install Netguard, block all connections of apps which donât need any connectivity and put together your own host file blocking all trackers and adware/malware URLs
-
use Signal
-
Use Firefox Focus for tracker free browsing and K9 for mail
By only following these small steps, you cut almost all leaks and you donât loose any convenience.
/e/ app-store is afaik not yet available.
@Gobs have your original questions been answered sufficiently?
If so Iâs suggest we close this topic and continue the derived conversation at Living without Google 2.0 - A Google free FP2 as it turned into a general discussion about the G%§$e-free lifestyle and this topic title doesnât cover that.
PS: I moved the whole discussion as it all fits here.
Last year, a Portuguese company won a court case against Google, allowing it, âAptoideâ, to provide apps free. I now use Aptoide on my Freephone OpenOS. https://uk.reuters.com/article/us-google-antitrust-aptoide/aptoide-wins-court-battle-against-google-in-landmark-case-idUKKCN1MW2CL
Very interesting discussion here. So I have a question: do apps like signal or threema store the messages encripted on the phone? I they would, also the gobble drive backup on your contacts phones would not be of use to gobble, right?
And if we are already discussing different Messengers: does anyone know about the safety of the app called wire? I do really like the app and they also say that its open source but I dont know enough to estimate their privacy friendliness.
What do you think?
Well, Signal once stored them encrypted if you locked the app with a password, but they abandonned this feature about a year ago (Signal is great, but there are some decisions made by Moxie Marlinspike which I donât understand and in my opinion he has a little too much power over the whole thingâŚ).
I know Wire, but Iâve never used it since I thought it wasnât open source, which it apparently is, so Iâm going to look into it. (I donât know anything about cryptography, but Iâm trying to get serious articles about Wire (essentially almost everything thatâs not "THIS ist the best MESSENGER and why YOU should SWITCH TO IT NOW!))
Can you give a source for this? I thought they were still doing this,
I donât know about Threema. Itâs closed source, so it wasnât never an option for me.
Great thing you bring here, in fact. Thereâs a switch for app developers to disable the Gobble backup feature when developing their apps (itâs true by default! 
), and Signal has it disabled.
One can argue âbut Gobble services have root access, so they can backup it anyway!â. Thatâs not true. Gobble services are privileged apps with excessive privileges, but they donât have root permissions (in the Unix sense). You can read more about the Android security architecture in the Android Security Internals book.
Itâs open source, uses the Signal protocol and I read Snowden sometime qualify it as âgreat but sightly less well-thought than Signalâ on Twitter (canât find the tweet ATM, sorry). But, even being open source, it relies on Gobbleâs libraries (at least for push notifications and maps), and even when there was once a 100 $ bounty to make a libre build flavour for its inclusion in F-Droid, noone achieved it, :(. I donât really have a strong opinion on Wire, though, but I donât have a major selling point for it over Signal neither. Still a walled garden not completely libre.
Talking about alternatives, Briar seems like the best available (libre, reproducible & already on F-Droid; P2P fully decentralized; anonymized metadata through Tor; it doesnât even need an Internet connection), but the fact that itâs targeted at activist on dangerous areas and thus contacts need to be added manually to ensure trust, doesnât make it easy for regular people. Although a remote contact adding feature is in the works.