Hi
I may be wrong, but can someone help me interpret the results of this analysis correctly?
See the Network Related section: Why does Simplex.apk have a hardcoded communication with
An app that is advertised as the most privacy-friendly?
All other indicators can (probably) be considered false positives (for example, the Camera permission, which is needed for video calls)
You must log in or register to comment.
Is that based on the F-Droid version of SimpleX from the native F-Droid repository?
From official Github https://github.com/simplex-chat/simplex-chat/releases
I tried it with the official github .apk and same result. I have no idea what it means though maybe someone could chime in?
Found potential URL in binary/memory:
- Pattern match: “https://issuetracker.google.com/issues/new?component=618491&template=1257717”
- Pattern match: “https://android.googlesource.com/toolchain/llvm-project”
- Pattern match: “https://developers.google.com/protocol-buffers///”
Except that they need something to make an android application (android SDK) and somehow to get issuetracker feedbacks, there’s nothing to worry about ? I guess? I don’t know.
I can’t speak to that with a familiar level with the code, I can only presume or guess. All I will say is that is why I never install any app from Github or Gitlabs, because there is no third party verification of the code for releases on those sites.
I only use F-Droid after disabling all anti-features in Settings and then install apps that I know are 100% clean from all dependancies.
Download the SimpleX apk from F-Droid website and then run that to see what it says for any difference in the results.
When installing from Github you only trust the developer and their signed certificate key.
When installing from F-Droid you additionally also have to trust the F-Droid developer’s signature.
Besides that F-droid has its own problems:
https://privsec.dev/posts/android/f-droid-security-issues/
I don’t use F-Droid. I use Obtainium and additionally check signatures in AppVerifier.
The link for F-Droid security issues is goijg on 3 years old, have you looked at the code xhanges for F-Droid since then?
For using Obtainium, how do you avoid or block all apps from Github that depend on GCM, Firebase, or Google services? That’s wh I uae F-Droid and disable all anti-features so those apps are never listed, even if I search for an app that has Google dependancies, F-Droid will say that app does not exist or is not listed, as long as all anti-features is disabled.