Many people who focus on information security, including myself, have
long considered
Telegram suspicious and untrustworthy.
Now, based on findings
published by the investigative journalism outlet ISt
You’re better off using WhatsApp compared to Telegram, but that’s a very low bar, and it absolutely doesn’t mean that anyone should use WhatsApp.
Signal, Threema, Wire and SimpleX are far better options. I prefer Signal, because it’s very easy to use, the UI/UX is basically the exact same as on WhatsApp. It’s also free, unlike Threema, and uses either phone numbers or user names as identifiers, unlike SimpleX, which requires you to share a QR code.
Signal is also the most popular of these messengers, so there’s a larger chance that someone is already using it.
As for F-Droid: It’s not a good way of distributing such privacy/security-relevant apps like Signal. F-Droid doesn’t have certificate checks built in, thus the APK could easily be modified without the user ever noticing. Again, I don’t like Google, but you’re better off downloading Signal from the Play Store.
The best option is to use Obtainium and automatically fetch the latest version of the Signal APK directly from their website https://signal.org/android/apk/
That way, you’re at least getting the app from an official source, built and signed by the Signal developers, not a random third party.
You can use AppVerifier to verify the integrity of the downloaded app aginast the certificate fingerprint on the website.
Literally no one here is advocating for the use of WhatsApp. Stop making up straw man arguments.
Just above you said “You’re even better off using WhatsApp”.
I will use Signal if Signal devs get over their hate of F-Droid.
You’re better off using WhatsApp compared to Telegram, but that’s a very low bar, and it absolutely doesn’t mean that anyone should use WhatsApp. Signal, Threema, Wire and SimpleX are far better options. I prefer Signal, because it’s very easy to use, the UI/UX is basically the exact same as on WhatsApp. It’s also free, unlike Threema, and uses either phone numbers or user names as identifiers, unlike SimpleX, which requires you to share a QR code. Signal is also the most popular of these messengers, so there’s a larger chance that someone is already using it.
As for F-Droid: It’s not a good way of distributing such privacy/security-relevant apps like Signal. F-Droid doesn’t have certificate checks built in, thus the APK could easily be modified without the user ever noticing. Again, I don’t like Google, but you’re better off downloading Signal from the Play Store. The best option is to use Obtainium and automatically fetch the latest version of the Signal APK directly from their website https://signal.org/android/apk/ That way, you’re at least getting the app from an official source, built and signed by the Signal developers, not a random third party.
You can use AppVerifier to verify the integrity of the downloaded app aginast the certificate fingerprint on the website.
I don’t trust an app that tells me to download from Google Play. Sorry, not going to happen. Signal has too many red flags.