Basis of trust for mollyim-android
Volen Can you please confirm if GServices just send a wake signal to Molly, without seeing/accessing the message (as Some1 suggested).
Some1 got it right. It's the same mechanism that signal uses. We didn't change anything there. Only wakeup.
Volen If yes, will the setup (including notifications) work properly if I disable network access to GServices? Thanks a lot!
Gservices needs the permission to access internet. How should it otherwise wake up Molly?
PMUSR When you say "random IDs". Do you mean using Molly without a phone number?
Yes. But not on the signal infrastructure.
PMUSR When could that happen?
No timeline for that. There is lower hanging fruit. But it's definitely gonna be implemented. You'll be able to talk to signal users and/or use only molly to molly.
PMUSR Will it be like the upcoming feature "username" Signal will release soon?
No. It won't need a phone number.
PMUSR How fast after Signal released usernames Molly will do same?
When signal releases it molly will also have it.
hyetta are there plans to merge it into the MollyFOSS and let UnifiedPush be a toggle in the settings? If yes, could some fallback be integrated into the app to fallback to the websocket when the connection to the UnifiedPush MollySocket fails?
We prefer to keep it separated now. Fallback could be implemented.
Nuttso
How is the fallback implemented and triggered? Does Molly check of the MollySocket is accesible periodically (every 30 minutes), or does the push server handle that?
What happens if the push server goes down? Is there any fallback in this scenario (if something like this can even be implemented)
[deleted]
- Edited
Nuttso I don't use Molly at the moment, to note. Is there a way to verify which push method the app is using or a visual cue? As far as I understand, UP mollysocket needs to be manually set up otherwise it will allways fall back to websocket, thus resulting in higher battery drain. Or in other words how do I ensure that my unified push is set up correctly? Thanks.
Do you have to set up your own Mollysocket server? I have instead the ntfy app but Molly says "mollysocket server not found"
- Edited
Why so much recommandations with Molly from GOS community ? I understand it has more features than Signal in a way, especially vault for your messages.
But don't forget that, regarding privacy and security basis, by using Molly you'll have to trust a second entity which means more risks regarding your data : all it takes is a simple error, or a single piece of maliciously added code, and your data is at risk.
This can happen with Signal too, but that's why it's wiser not to trust any new entity that adds another risk to an already existing one.
In case of GOS, there should be no debate because strong encryption of your device already prevent anyone from accessing your applications, and so your Signal messages (except for very specific threat level implying letting your device turned on without you during minutes in front of other people), that's why Molly could be an interesting option but not for GOS users : only for people with devices with low encryption.
Nuttso Basically, such an audit can also be misleading. It is a snapshot, nothing more.
I agree with this, but the fact that developers of a FOSS app can afford to have an independent audit and does so says something about the financial well-being of the app/company and generally leadership that does audits is open, transparent and forward facing about who they are. Just one of many things to check off in regards to trustworthiness as well as the quality of coding in general - but not in minute detail. And, the Signal Protocol cryptography has been gone over in great detail by cryptographers/security researchers in white papers and this tells you something - that the interest is so strong, and that the protocol has withstood the scrutiny. And thus the Signal Protocol makes a good foundation for Molly.
PMUSR depends on your settings. If you don't set a timeframe, yes. If you set automatic lockdown with a timer. It locks the database in this time. If the lock is instant the key is wiped from memory the moment you lock the phone and no one can extract anything. No matter what tools forensics use. Molly is build exactly for that purpose. Resisting forensics.
Hey, just gave Molly another try after reading this, and I have some questions.
- is signal still not encrypting its database? Does this matter? I thought every android app has its own encrypted storage in /storage/emulated/0/android/data/
- I am confused about device pairing. Can Molly + Signal Desktop work? Because there is no "add device" button in Molly for me, so I would need a signal phone
- why cant you use fingerprint for unlocking the DB?
- in the f-droid repo there only is one molly client, no molly-foss one. Same with Accrescent. Why?
really cool project!
missing-root The version in Accrescent is the FOSS variant.
[deleted]
missing-root find Molly FOSS also here
https://github.com/mollyim/mollyim-android/releases
missing-root Can Molly + Signal Desktop work? Because there is no "add device" button in Molly for me, so I would need a signal phone
Yes. It works. Check Settings | Linked devices.
- Edited
missing-root is signal still not encrypting its database? Does this matter? I thought every android app has its own encrypted storage in /storage/emulated/0/android/data/
Signal is encrypting it's database. But the key is available after you unblock your phone. It's more about key availability what differs.
Signal uses an SQLCipher database to store contacts, chat history, and attachments, in the app-specific directory on the device. The database is encrypted with AES 256-bit keys randomly generated the first time the app is run.
The encryption key is wrapped with Android KeyStore and stored in the Shared Preferences. If the KeyStore is unavailable as in Android 5.1 (Lollipop) and previous, the key is written as-is to the Shared Preferences.
In Signal, Shared Preferences are plaintext XML files stored along with the database.
However, Molly protects the Shared Preferences with the user's passphrase, providing full encryption of data at rest regardless of the way Android may or may not be encrypting its own storage.
missing-root in the f-droid repo there only is one molly client, no molly-foss one. Same with Accrescent. Why?
Those are the molly Foss clients.
missing-root I am confused about device pairing. Can Molly + Signal Desktop work? Because there is no "add device" button in Molly for me, so I would need a signal phone
It works with pairing signal desktop and it also supports linking other molly instances.
missing-root why cant you use fingerprint for unlocking the DB?
Only alphanumeric passwords are considered secure. You have the possibility to use a screenlock on top of the encryption which supports fingerprint. It's implementation is superior to what signal does. For example set the timeframe for the BB lock to 6 hours and activate the screenlock. You won't have to type in the password for the db in that 6 hours.
easthvan I am sendign a tiny donation right away, to "signal" the support and to have a truly anonym, secure and audited chat app finall. Besides, I find SimpleX very promising. But not many talks about it...
Thx a lot. We are working towards making molly the most secure communication app available. There are a lot of features on the roadmap that will be a game changer.
Nuttso thanks for the reply! So the encryption is not important on modern Android?
I guess password is more secure, but its a balance. I can comfortably lock Signal instantly, using my fingerprint. But I would not type in a password all the time.
Also I would agree a scrambled Pin is more secure in many scenarios, as people see you type that password a lot if you set it to lock quickly, which I assume you should.