Where would you say the line should be drawn?
IME keylogging is a known, serious, and frequently exploited issue that affects a substantial portion of Signal users. Signal's "Incognito Keyboard" setting didn't mention that the flag can be ignored, which was misleading and dangerous.
But yes, warning about accessibility settings if there's evidence of that being an attack vector seems like a good idea. I don't know about unsupported Android versions.
https://twitter.com/RealSexyCyborg/status/134995902394088652...
Actually *most* Android malware use accessibility APIs to perform malicious action, random example from a quick Google search: https://medium.com/axdb/%EF%B8%8F-dissecting-defensor-a-stea... . That's simply because this is the most convenient way to perform malicious actions on Android without an exploit. Sure you have to convince the victim for permission, but with a nice lure people usually just fall for it.
It is much much more prevalent than malicious IMEs. Now help your "freedom in danger" friends by raising this up as a security vulnerability to Signal developers plz! /s
Do you happen to have a source for this? There’s lots of speculation out there, but I’ve never seen anyone claiming to have proof of this being frequently exploited.
When there's a security rake-in-a-darkened-shed that a large fraction of your users will step on, with a demonstrable risk to their life and liberty, I think reasonable people can agree that we're standing on the "hey, maybe we should at least pop a dialog about this" side of the line.
It took Moxie well over a year to come to the same conclusion, and then in a really lazy way as documented by the commit upthread. I'm starting to see him as a particularly unreasonable person.
For "pop a dialog about this", I don't know, that's an interesting idea, but it is hard to draw the borderline if you pursue this route.
For example, do you know that Tencent QQ bundles a full-blown endpoint security solution trying to "protect their users" and warn them their computing environment is compromised? To the point it installs a kernel driver to do the detection. Most of my tech-savvy Chinese friends believe this is bad, not only because the possible privacy dilemma but simply because it is not an messaging app's duty to ensure the user have a safe computing environment. Surely Signal can pop up a dialog about the IME concern, but what's next? When somebody bring up an interesting cross app side-channel leak on Android, should Signal scan the installed package list, try to flag any "suspicious app"?
Hemming and hawing whether a line warning about a vulnerability that compromises a secure messaging app for over a year for any reason, but especially because of a shitty, arguably sexist tone argument not behavior I want to see from people who make security tools.
