Originally I’ve downloaded the Signal app through the Play Store, but often it also gets updates from Droid-ify (F-Droid client). Today it’s weird and I got this. Explain this to me.
On Droid-ify the Signal app is provided by: org.thoughtcrimes.securesms
I recommend checking the official website or the Play Store to ensure that you are downloading the latest and official version of the app.
https://www.signal.org/download/android/
The official website only links to Google Play for the Android client, even on the fairly “hidden” download page.
Are you installing from Playstore or FDroid?
Turn off Play “Protect”.
In most cases I’d be the first to support your idea, but here it actually blocked malware?
Didn’t notice the “droid-ify” part, whatever that is. Install apps from trusted sources like F-Droid or dev’s website and you don’t need Google to scan your phone and tell you what you can or cannot install.
Droid-ify is just a different client for F-Droid. It should be safe and uses the same repositories.
The package name is correct, but Signal was never on F-Droid.
Do you have a third party repo that might be compromised?
Edit: Package name isn’t correct, so that’s almost definitely a compromised version. Get rid of it ASAP.
org.thoughtcrimes.securesms
It actually might not be, googling "org.thoughtcrimes.securesms" doesn’t get results.
thoughtcrimes vs. thoughtcrime
My question though is how this popped up in droidify, would someone need to manually add some special repo?
I missed that, thanks for pointing it out. The one without S is the correct one.
But that makes me wonder, how did OP not end up with two signal apps then?
how did OP not end up with two signal apps then?
by that popup blocking him from installing the wrong one?
To add to that:
Always check the project’s website to see the official ways it’s distributed, before you just download it from anywhere.
Not a fan of that either, that really is unfortunate. But with a bit of common sense, a person should then ask about that, if the Play Store is not an option. It’s still not a reason to download it from a source you haven’t verified to be official.
Twinhelix is the only one compiling the app from source without proprietary blobs
Just get a degoogled phone…
I generally agree, but in this case, Google Protect actually protected OP from installing a harmful app masquerading as Signal.
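The one-character difference spotted in this thread (thoughtcrimes vs. thoughtcrime) can be checked mechanically. The following is an added example, not part of any post above: it flags package IDs that sit within a small edit distance of a known official ID. The function names, the threshold of 2 and the sample list are assumptions made for illustration.

```python
"""Flag Android package IDs that imitate a known official ID."""

# Official ID as settled in the thread ("the one without S is the correct one").
OFFICIAL_IDS = {"org.thoughtcrime.securesms": "Signal"}

# Constructed sample: package IDs as a repository index might list them.
SAMPLE_IDS = [
    "org.thoughtcrime.securesms",
    "org.thoughtcrimes.securesms",
    "com.example.notes",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalikes(package_ids, official=OFFICIAL_IDS, max_distance=2):
    """Return (candidate, official_id, app, distance) for near-miss IDs."""
    findings = []
    for pkg in package_ids:
        if pkg in official:  # the official ID itself, not a lookalike
            continue
        for good, app in official.items():
            # Compare case-insensitively so a case-only variant is also flagged.
            dist = edit_distance(pkg.lower(), good.lower())
            if dist <= max_distance:
                findings.append((pkg, good, app, dist))
    return findings


if __name__ == "__main__":
    for pkg, good, app, dist in find_lookalikes(SAMPLE_IDS):
        print(f"{pkg}: {dist} edit(s) from {good} ({app}), treat as impostor")
```

A matching package ID alone does not prove an APK is genuine; the signing certificate still has to match the official one.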