Originally I’ve download the signal app through playstore, but often it also get updates from Droid-ify(Fdroid client). Today its weird and I got this . Explain to me this.
On the Droid-ify the signal app is provided by: org.thoughtcrimes.securesms
KDEconnect from FDroid also go similar warnings. Might be related or OPs app might really be fake. https://twitter.com/albertvaka/status/1712954968477401478
It’s a fake copy of Signal
The actual package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms
Also Google officially recommends Signal on the Android website last I checked, so I don’t see why Play Protect would flag it as malware
edit: attach screenshot of package name
edit 2: fix typo in package name (accidentally typed thoughcrime)
that closed source code part you mention is on the server side… the client and protocols used are fully open source and constantly peer reviewd. signal cant really “leak” your messages to anyone since they are end to end encrypted.