SAN FRANCISCO — Developers behind the encrypted messaging app Signal updated their terms of service to forbid users from organizing and executing targeted military strikes,…
For Android they have reproducible builds to verify that they are using the source code from their public repo for the app distributed via Google’s Play Store.
Regarding the server software, it’s not that easy but because of the Signal protocol you can be sure that messages are e2e encrypted and authenticated. They also have the sealed sender feature which hides the identity of the sender. So it shouldn’t really matter what software a server is using.
How do you know the source code on GitHub is what is being ran in production?
For Android they have reproducible builds to verify that they are using the source code from their public repo for the app distributed via Google’s Play Store.
Regarding the server software, it’s not that easy but because of the Signal protocol you can be sure that messages are e2e encrypted and authenticated. They also have the sealed sender feature which hides the identity of the sender. So it shouldn’t really matter what software a server is using.