On Thu, 2014-11-13 at 18:06 -0500, Eric Mill wrote:
This isn't accurate, in practice. In theory, Google could replace any certificate they want for first use. But they clearly don't do that for everyone (Moxie or someone would notice), and if they did it in a targeted way, it could only be on the first use. That's a threat vector, but only viable under both targeted and specific circumstances.
So "what's to stop Google pushing a malicious TextSecure? Nothing. Nothing, at all, ever." isn't accurate -- you can trust that you're highly likely to get the real TS binary on first install, and then guarantee that you're getting a binary signed by the same person for updates.
But Google can silently update their services providing this "guarantee" and remove it. Could they do this without anyone noticing? Probably not on a wide scale. But it's still not a guarantee. There's essentially no way to get around this on Android, which is I think why Moxie has abandoned that goal. If a solution exists, the people detracting TextSecure for using Google infrastructure should build that solution, fork TextSecure, and add it. Code speaks louder than words. -- Sent from Ubuntu