According to Elon Musk, Signal has "known vulnerabilities that are not being addressed"

Because of the amount of backlash they received. They were fine with the issue when only a few people were aware of it.

1 Like

To be fair this issue is blown way out of proportion.

Could they have handled this in a more classy and timely manner? Yes.

But they got the fix in the end, and it is not that big of an issue anyway.

Personally I found Mysk’s approach to announcing this more problematic, claiming people should not use Signal Desktop at all because he thinks it’s not secure.

It’s hard enough getting folks to switch to secure and private alternatives as it is, and folks like him spewing scary-sounding warnings are not helping.

6 Likes

An example of how this issue would look if it was on Android:

You install Signal, then it creates a folder, let’s say it’s called Signal Keys:

Now if you grant storage permission to any app on your phone, that app can just exfiltrate your Signal keys 🙂

The only difference between this situation and the original macOS situation is that the folder would be protected by the storage permission.

Is this issue overblown? Not at all.

1 Like

The problem here is that you are protecting against a compromise on your device. Once you have malware installed, all bets are off anyway. Even if you encrypt it with a password, malware could simply keylog you when you type in your password.

If anything it would give you a false sense of security. I get that implementing some countermeasures from the app is a nice little bonus in the "defense in depth/layers" train of thought, but nothing more.

If this whole situation shows us anything, it’s that desktop OSes are in dire need of proper sandboxing and a proper security model. Security on your device, that is to say, protecting application A from application B, should be delivered from within the OS, not the applications installed onto it.

5 Likes

It’s one thing when the device needs to be exploited, and another when any unsandboxed app can just access your keys.

If Signal had done this properly and stored the key in the keychain, then it would have required a whole privilege escalation attack to get that key. Now any unsandboxed app, without any exploits, could have gotten access to the key.

On Android, they have done things properly, and nothing was preventing them from making the same mistake as they did on macOS. The OS can’t defend against this level of incompetence.

2 Likes

I guess we will have to just agree to disagree, as we fundamentally think differently about this.

4 Likes

Desktops have sandboxing, but Signal chose not to use it. Presumably the only reason their mobile apps are sandboxed is because they have no choice.

1 Like

My argument is that this shouldn’t matter, this should be enforced from within the OS regardless of what the app wants or does.

Sure, doing extra on the application side is a nice added bonus, but it’s truly something that should not be the app’s responsibility.

1 Like

True, but since it’s the app’s responsibility in this case, it makes sense to criticize Signal for not utilizing the OS security features. It is pretty true tho that you basically have to drag developers kicking and screaming into making secure software.

2 Likes

I have no idea how an OS should even enforce something like this. Have a centralized app store on an OS without sideloading and block apps that do such incompetent things like storing the keys in a place where anyone can access them? That’s the only way I can come up with.

The worst thing is that a PR that fixed this was delivered to them a long time ago. There wasn’t even any work needed to fix it, they just straight up ignored it.

2 Likes

Just a note here: we do not allow contributions from chat bots. Nobody wants to come to this forum to talk to ChatGPT.

5 Likes

@Lukas It’s sad that there’s still no PIN code for Signal Desktop. This is also a concern because even when I turn off sync from my phone, I still have access to all my last discussions on the desktop app, and the only way is to delete everything one by one.