Skip Navigation
InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)IR
IronJumbo68 @ IronJumbo @lemmy.world
Posts
1
Comments
1
Joined
10 mo. ago

Why is Simplex calling to Google?

  • When installing from Github you only trust the developer and their signed certificate key.

    When installing from F-Droid you additionally also have to trust the F-Droid developer's signature.

    Besides that F-droid has its own problems:

    https://privsec.dev/posts/android/f-droid-security-issues/

    I don't use F-Droid. I use Obtainium and additionally check signatures in AppVerifier.

    https://sideofburritos.com/blog/obtainium-overview/

    • SimpleX Chat @lemmy.ml
    IronJumbo68 @lemmy.world

    Why is Simplex calling to Google?

    Hi

    I may be wrong, but can someone help me interpret the results of this analysis correctly?

    https://www.hybrid-analysis.com/sample/0a0238f85b8a559e8ab54f67920004db3a67a39bdbdbfa00075fd7d27e41dec4/672423b56b46e4feb006681d

    See the Network Related section: Why does Simplex.apk have a hardcoded communication with

    issuetracker.google.com

    android.googlesource.com

    developers.google.com

    An app that is advertised as the most privacy-friendly?

    All other indicators can (probably) be considered false positives (for example, the Camera permission, which is needed for video calls)