Oddbean new post about | logout
 I thought Signal was fully open source, but maybe not according to Molly? 

Also, I was not aware of this vulnerability in Signal desktop: https://www.bleepingcomputer.com/news/security/signal-downplays-encryption-key-flaw-fixes-it-after-x-drama/

It looks like Molly adds a passphrase to protect databases in really old versions of Android that don't have a keystore, but otherwise I'm not sure it's necessary (and users might think it's a nuisance).