• 0 Posts
  • 23 Comments
Joined 1 year ago
Cake day: June 11th, 2023


  • There was a recent related discussion on Hacker News and the top comment discusses why this sort of solution is not likely to be the best fit for smaller organizations. In short, doing it well requires time and effort from someone technically sophisticated, who must do more than the bare minimum for good results, as you just learned.

    Even then, it’s likely to be less reliable than solutions hosted by big corporations and when there’s a problem, it’s your problem. I don’t want to discourage you, but understand what you’re committing to and make sure you have adequate buy-in in your organization.









  • If you want actual help with these issues, try the GrapheneOS forum.

    I’ve found gos extremely frustrating

    Some parts of this are probably unavoidable. High-security systems tend to be inconvenient, and using a non-mainstream operating system often means limited third-party support.

    I’m facing the nearly insurmountable task of convincing my friends, family, and colleagues to download and use Signal when they are all using encrypted iMessage.

    For reasons I can’t figure out, it seems Americans hate the idea of installing any third-party messaging apps. Most Europeans I know have at least two.

    Most of my banking apps just simply do not work.

    There’s some information on the GrapheneOS forum, but if the bank insists on using Google’s device attestation, you may not be able to do much other than raise hell with customer service (please do this).

    This is one of the reasons I run LineageOS rooted with Magisk; there’s a bypass for Google attestation. That, of course, does not have the same security-first goals as GrapheneOS.

    Holding down on the space bar to move the text cursor between characters.

    This feature exists on some Android keyboards, including the AOSP keyboard and HeliBoard, which are open source.


  • Phones also have web browsers, and Instagram is usable that way (several years ago, it was not). It is possible that privacy protections will look like automated behaviors to their systems.

    Using an app on a device that’s used for little else and has minimal data stored and apps installed on it also limits the potential for data leaks, though probably not as effectively as the browser, particularly when your browser is Mull.


  • I don’t think Instagram can read your Matrix conversations, but it may be able to predict your interests with fancy algorithms or by buying information from data brokers, even if it’s related to things you did on another device.

    If you want to be more sure it’s not spying on your phone, uninstall the app and use it through your web browser.





  • The alternative is safeStorage, which uses the operating system’s credential management facility if available. On Mac OS and sometimes Linux, this means another process running in the user’s account is prevented from accessing it. Windows doesn’t have a protection against that, but all three systems do protect the credentials if someone copies data offline.

    Signal should change this, but it isn’t a major security flaw. If an attacker can copy your home directory or run arbitrary code on your device, you’re already in big trouble.
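
An added example, not part of the comment above and not Signal's code: one way an Electron app could wrap a local key with `safeStorage` and refuse to store it when no OS credential store backs the API (the "sometimes Linux" case). The function names, the `encryptedKey` field, the sample key and the `fakeSafeStorage` stand-in are assumptions made for this illustration.

```javascript
// In an Electron main process, after the app 'ready' event:
//   const { safeStorage } = require('electron');
// The functions take safeStorage as a parameter so they also run under plain Node.

// True only when a real OS credential store backs safeStorage. On Linux,
// Electron falls back to the 'basic_text' backend (a hardcoded password)
// when no secret store is found, which protects nothing.
function backendIsTrustworthy(safeStorage, platform = process.platform) {
  if (!safeStorage.isEncryptionAvailable()) return false;
  if (platform === 'linux' &&
      safeStorage.getSelectedStorageBackend() === 'basic_text') return false;
  return true;
}

// Returns the JSON to write to the config file: the key wrapped by the OS,
// never the plaintext key. (Field name encryptedKey is hypothetical.)
function wrapKeyForConfig(safeStorage, keyHex, platform = process.platform) {
  if (!backendIsTrustworthy(safeStorage, platform)) {
    throw new Error('no OS credential store available; refusing to store key');
  }
  const wrapped = safeStorage.encryptString(keyHex); // Buffer of ciphertext
  return JSON.stringify({ encryptedKey: wrapped.toString('base64') });
}

// Reverses wrapKeyForConfig: reads the wrapped key and asks the OS to unwrap it.
function unwrapKeyFromConfig(safeStorage, configJson) {
  const { encryptedKey } = JSON.parse(configJson);
  return safeStorage.decryptString(Buffer.from(encryptedKey, 'base64'));
}

// Constructed stand-in for Electron's safeStorage, for offline runs only.
// The XOR "cipher" is a placeholder and is NOT encryption.
function fakeSafeStorage(backend) {
  const xor = (buf) => Buffer.from(Array.from(buf, (b) => b ^ 0x5a));
  return {
    isEncryptionAvailable: () => true,
    getSelectedStorageBackend: () => backend,
    encryptString: (s) => xor(Buffer.from(s, 'utf8')),
    decryptString: (b) => xor(b).toString('utf8'),
  };
}

const demoKey = '00112233445566778899aabbccddeeff'; // constructed sample key
const demoConfig = wrapKeyForConfig(fakeSafeStorage('gnome_libsecret'), demoKey, 'linux');
console.log('plaintext key present in config:', demoConfig.includes(demoKey));
```
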




  • If someone can read my Signal keys on my desktop, they can also:

    • Replace my Signal app with a maliciously modified version
    • Install a program that sends the contents of my desktop notifications (likely including Signal messages) somewhere
    • Install a keylogger
    • Run a program that captures screenshots when certain conditions are met
    • [a long list of other malware things]

    Signal should change this because it would add a little friction to a certain type of attack, but a messaging app designed for ease of use and mainstream acceptance cannot provide a lot of protection against an attacker who has already gained the ability to run arbitrary code on your user account.