I heard that you can check via a hash code whether the Signal open source code is the same code as the App Store code. Is this true? Does anyone have more information about this?

  • riccardo
    7
    2 years ago

    The Android app has allowed reproducible builds since 2016:

    As of our latest Android release, Signal builds are reproducible. Reproducible builds help to verify that the source code in our GitHub repository is the exact source code used to build the compiled Signal APK being distributed through Google Play.

    Anyway:

    Remaining Work

    Reproducible builds for Java are simple, but the Signal Android codebase includes some native shared libraries that we employ for voice calls (WebRTC, etc). At the time this native code was added, there was no Gradle NDK support yet, so the shared libraries aren’t compiled with the project build.

    Getting the Gradle NDK support set up and making its output reproducible will likely be more difficult.

    No idea if progress has been made on the native shared libraries, but there is probably more info about this in their reproducible builds readme.

    I don’t think this is available for the iOS app (there is an open issue on GitHub about this).

  • @TheAnonymouseJoker@lemmy.mlM
    12 years ago

    Long hashes like SHA-256 or SHA-512 are quite good for binary verification. Reproducible builds, as noted by the top commenter, are also helpful, if possible.
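
Added example, not part of the thread and not Signal's own tooling: a distributed APK carries the publisher's signature, so its whole-file hash will not equal that of a local build even when the code is identical. The sketch below compares SHA-256 per archive entry and skips signature files, assuming they sit under `META-INF/` with the usual JAR-signing suffixes; the function names and sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Assumption: signing material lives under META-INF/ with these suffixes (JAR-style signing).
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", "MANIFEST.MF")


def is_signature_entry(name):
    """True only for signing files inside META-INF/, never for look-alikes elsewhere."""
    return name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)


def entry_digests(apk):
    """Map each non-signature entry name to the SHA-256 of its uncompressed bytes."""
    digests = {}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if not is_signature_entry(info.filename):
                digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_apks(built, distributed):
    """Return the sorted entry names that are missing or differ; empty list means a match."""
    a, b = entry_digests(built), entry_digests(distributed)
    return sorted(name for name in a.keys() | b.keys() if a.get(name) != b.get(name))


def make_sample_apk(entries):
    """Build a constructed in-memory zip that stands in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    code = {"classes.dex": b"constructed dex bytes", "AndroidManifest.xml": b"<manifest/>"}
    signed = dict(code, **{"META-INF/CERT.RSA": b"sig", "META-INF/CERT.SF": b"sf"})
    print("signed vs local:", compare_apks(make_sample_apk(code), make_sample_apk(signed)))
    tampered = dict(signed, **{"classes.dex": b"different dex bytes"})
    print("tampered vs local:", compare_apks(make_sample_apk(code), make_sample_apk(tampered)))
```

An empty result says the entries outside the signature files are byte-identical; any listed name is a file to inspect before trusting the binary.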