I’m using Molly FOSS, that’s the version without play service integration. It works just fine, no battery drain so far. I was even able to transfer my app settings and backup via direct connection from my old phone.
The only problem I’m facing is the keyboard, spellchecking and suggestions don’t work in Signal/Molly for some reason. But I’m not sure if that’s a known issue. Anybody has the same problem with Signal?
@csllr , to clarify, to you mean that the keyboard doesn’t recognise input? If so, that’s the case, it makes a messaging app virtually unusable.
Many thanks.
PS. I’m learning so much through this forum about Android apps. I had no idea what Molly or Molly-FOSS were until your comment, so thanks for that.
Ah. OK, so keyboard input works, it’s just the auto-correction or suggestions that don’t appear. It suits my purposes anyway – generally turn those off anyway.
Nice to see someone using latin.
The only problem is that any fork of Signal is insecure
Insecure? How?
FOSS builds are reproducible and you can compile them yourself
Let me rephrase that. FOSS just means you can read the code and determine for yourself if it meets your needs. It doesn’t make it inherently more or less secure than proprietary software. My point is that a fork can include subtle (and intentional) bugs if you don’t know exactly what you are looking at. I prefer to get my apps directly from the source- especially from one as sensitive as Signal.
I’ve wondered about this in the past. I suppose the argument you’re making @The is being able to look under the bonnet of a car. You can do this, but you may not know have a clue what any of it means. Similarly, being able to peer inside the source code doesn’t necessarily reassure a non-developr that its free of malicious code.
I believe that the safety net comes from other opensource contributors to the project. Like peer-review in the academic world – other contributors review contributions and if anything is suspect, it’s weeded out.
I may be wrong, but I believe that’s at the heart of FOSS.
Whether you consider that better or worse than taking a binary from the source is the crux of it. I’m not sure where I stand yet. It’s a new foray for me into Android/FOSS, but I like the fact that Molly-FOSS excludes Google Maps, so I’m prepared to try it over Signal.
just to clarify… Molly FOSS defaults to incognito keyboard without predictions and voice input. You can turn that off in the settings to get the full featured keyboard if you want.
Oh, I see your point now. I think @petemeister covered it in full detail, but the core issue is that you can never be completely 100% sure about a compiled binary either.
Someone at the Signal Foundation could, in theory, push malicious code just before building a final release. However, we have to trust that the developers involved will carefully review the code and reject any suspicious PR.
FOSS is only as secure as the community supporting it.
Just keep in mind the XZ Utils backdoor incident back in 2024. Despite having many contributors maintaining the project, a malicious actor still managed to introduce a series of patches that created a backdoor, and no one noticed until it was too late!! This affected monumental projects like openSSH.
Still…my trust and hope lies with open source projects. At the end of the day, you have to trust someone in the chain.
Take Mudita K. It’s not even fully open source and you can’t build it yourself. A developer at the company with the right private keys could hypothetically build something malicious into the OS and you’d never know.
Plus, the Mudita Kompakt uses a MediaTek SoC, which is notoriously vulnerable to attacks, like those to exploit BROM mode.
If you really want to be paranoid, there’s an entire rabbit hole you can go down.
Has anybody sideloaded Proton mail or any mail app?
I’d like to come back on my first comment, I’ve left Signal on for a day or two and while I still feel the battery drains faster, it’s not as bad as I thought.
The battery drain from before was likely due to me reading at nighttime with the front light on.
A good post-hoc reflection. Many thanks.
Thanks, I will stick to source codes.
Just a consideration for anyone who may look to do this from iOS but really want to preserve their messages, if you’re considering using molly, this can be added as a ‘linked device’ with your iphone still as your primary device.
your messages wont be transferred, but you not start from scratch, and when signal implement universal backup/restore you should be able to install signal/molly again and simply restore a proper backup with all your messages up till then.
just a thought, i dont know how long it will take them to implement ios - android backups, or how well it would work as a linked device. using a linked device should still count as inactivity but you might choose to check your iphone every couple weeks to enter the account pin etc. when prompted.
just a thought for people
Yes I have installed Proton Mail. When you open the app everything seems to be fine. You can read everything. But you do not get notifications.
