Comment by 6thbit
14 hours ago
So this is where we find out the one end of e2e is the phone and not the app.
Semi-related, in whatsapp reading the text in the notification doesn't mark the message as read, so the OS is kinda mitm here.
14 hours ago
So this is where we find out the one end of e2e is the phone and not the app.
Semi-related, in whatsapp reading the text in the notification doesn't mark the message as read, so the OS is kinda mitm here.
Signal creates the notification, does it not? That's like claiming `echo "my_private_data" | notify-send` is insecure.
If piping encrypted content resulted in a plaintext notification then you'd have a right to be concerned.
What prevents the phone from taking screenshots of you reading the messages in the app?
The actual one end is the phone, not the app, period.
Exactly yes, and that is insecure here because the app relayed the message beyond its layer and ownership. Thus not making the app the end of the communication.