Notices by Daniel Gultsch (daniel@gultsch.social), page 2

@apps This sounds like a Problem with Letsencrypt. Letsencrypt has stopped cross signing their certifates with a root that older Android versions have.
Introducing conscrypt won't fix the issue.
You'll have to bundle the Letsencrypt root.

Here is how #Conversations_im did it: https://codeberg.org/iNPUTmice/Conversations/commit/88851ea12a9ea9d546a04321742a9656733291c3

The commit has also a link to a blog post explaining the issue.

Appealing the removal didn’t yield any result. Google just repeated the same statement "the app was removed because it uploads the contact list" without even acknowledging any of the arguments I made in the appeal.

I understand that most of my audience here on Mastodon is more ideology aligned with F-Droid but the app sales on Google Play store have contributed significantly to me working (almost) full time on #Conversations_im.

Without the revenue from Google Play I can’t afford this.

To celebrate Conversations being back on the Play Store and to deny Google their 15% cut I made the app free for the next ~48 hours. 😜

If you are new here: Check out #XMPP. It's federated, provider and vendor independent instant messaging. It’s great!

https://play.google.com/store/apps/details?id=eu.siacs.conversations

Or get it from #fdroid - That version even has address book integration and public channel discovery! 😂

To be clear: They didn’t just reject an update. They outright removed the app entirely. Otherwise my plan B would have been to remove the contacts permission which is used to display the name and profile picture locally if the XMPP address matches an entry in the users address book.

Google has just removed #Conversations_im from the Play Store because they think we are uploading the user’s contact list. We don’t.

As it is a long, long tradition Conversations is available for free on the Google Play store for the last week of December.

This tradition was originally born so that when I meet people at Chaos Communication Congress and they ask what I do, they have an easy way to install Conversations. In that regard it's a very special year as we are seeing the return of CCC.

However if you are meeting loved ones to celebrate something else these days that’s fine too.🎄

https://play.google.com/store/apps/details?id=eu.siacs.conversations

#37C3 #XMPP

@Mer__edith if your persistent TCP connection drains the phone's battery I think you might have implemented it wrong. How do you think Google Push works under the hood?

Do I have to give another talk on how push notifications work? With @Mer__edith of @signalapp spreading lies and news outlets like @heiseonline amplifying their nonsense I feel like their is a lot of confusion out there on how push works. Google’s push notifications aren’t delivered by fairy dust and don’t consume any battery.

TLDR: You can de-google your phone. Install Conversations. It is the only app running in background. It will use #UnifiedPush to wake up other apps like Tusky and Ltt.rs.

Yesterday we all had a good laugh at the BND intern who forgot to renew a certificate and single handedly exposed an entire surveillance operation, but today we must make developing and deploying Channel Binding our top priority.

Conversations 2.12.9 has been live on Google Play since yesterday.
2.12.8, which mitigates the risk by not allowing third party apps to trigger the restore, was live earlier this week.

Conversations 2.12.9 fixes a security issue.

TLDR: Don’t restore backups from unknown sources or backups you have not created yourself.

Backup files can be manipulated in a way that puts personal information (credentials and private keys) in a pending message to an attacker. When the restored account reconnects that information is leaked.

Prior to 2.12.8 external apps could trigger the restore process; however the victim would still have to enter the backup password.

https://codeberg.org/iNPUTmice/Conversations/commit/09f6343ced61a44d87f736889d7c344ce333d6d9

Just in case you are spending the next couple of days with people who are not on #XMPP yet and have some time on your hands. ?

Conversations is currently available for free on the Google PlayStore.

https://play.google.com/store/apps/details?id=eu.siacs.conversations

If you were wondering how well #XMPP works on mobile devices: The XMPP-based MoyaApp has 6.5M users in South Afrika ??.

https://www.businessinsider.co.za/the-moyaapp-has-6m-active-users-and-challenging-whatsapp-2022-8