There are 3 medium and 1 low severity findings, all of which require a high difficulty attack to exploit - the attacker would need to have a privileged access to the system, may need to know complex technical details, or must discover other weaknesses to exploit them. Additionally, there are 3 informational findings.
Nice.
Trail of Bits reviewed both the algorithm & the implementation? The implementation is where the zero-days are.
Next: security audit in 2025
We are planning the implementation security assessment with Trail of Bits in the beginning of 2025. It will be a twice bigger assessment than we did in 2022 - it will cover both the core of the app and the handling of cryptographic secrets in the mobile applications.
Good job @epoberezkin!
I'm a privacy newcomer. Can someone explain why this service can be trusted not to be some sort of government HoneyPot? I get that you have to place your trust somewhere, but why SimpleX?
trusted not to be some sort of government HoneyPot?
It is open source and you can self-host servers, it keeps getting security audits.
but why SimpleX?
You can check their website, https://simplex.chat/ and their roadmap.