Comment by guerrilla
8 months ago
Yes, this was one of the main points on infosec Mastodon today. While everyone is aware enough to be concerned with encryption over the wire, it's the endpoints that matter. Personal Android devices capable of running Signal are going to be some of the easiest to compromise for a sufficiently motivated attacker. I've seen n00b cops do it for drug gangs here. There's no question that Russia, China, et al. can do it just as well and we have as good as confirmation that that's what's going on in at least Tulsi Gabbard's case.
Exactly. Signal on Android uses your phone PIN, for some insane reason.
> Signal on Android uses your phone PIN, for some insane reason.
The reason is simple: 95% of people would just set up the same PIN anyway.
In unrelated news: Password reuse is rampant: nearly half of observed user logins are compromised
https://blog.cloudflare.com/password-reuse-rampant-half-user...
It can be set differently.
Not on Android. You can set your Signal PIN, which is a recovery code for if you lose your phone and are locked out of your Signal account. You cannot change the lock screen PIN, which is the same as that of your phone.