I’ll cut straight to the chase: updating the Signal app annoys me and I’d like to know your best practices.
As far as I know, there are three ways of updating Signal:
- From the Play Store. This works quite reliably, yet comes at the cost of trusting and connecting to Google’s servers.
- Via the app’s built-in auto-updater that will, after a while, suggest an update through a notification. However, the frequency of these updates is really lackluster and thus unreliable, and there’s no way to trigger an update check manually.
- Via the APK on Signal’s website. In order for this to work, you need to have done the initial installation of the app from an APK already. Also, as far as I know, this version will not use GCM / Push notifications, but rather deliver notifications through a web socket, which is a huge drain on battery. Also, you’ll have to constantly check for updates yourself or rely on the (unreliable) self-updating mechanism (see 2).
Let me know how you do it, and if there’s something I’ve overlooked.
In my case I find signal updates (through notification) way too often. I’ve actually added “Guardian project” repo to F droid specifically for signal auto updates. It comes with few other good apps. (This is generally a day slower than notification update, I just ignore notification for a day)
I use Molly-FOSS from F-droid.
obtainium
when i check “battery usage” is on 3% with 5 mins screen time and 30 mins background
Aurora store, google play store client that let’s you download from te google repository without signing in. Its on f-droid I think. Signal still uses google services for notifications tough. I recommend Molly if you also want to skip that.
Aurora is all I use. We’re still trusting Google not to inject anything malicious into the app, which they’ll do in a heartbeat if the feds come knocking.
If you listen to Graphine aurora is also unsafe as it just pishes the APK without signature check.
Obtanium can pull APKs from a website so you could use it to install the non GitHub version of signal.
Molly via Obtainium.
https://github.com/mollyim/mollyim-android
Just paste the URL in the “add app” window.
I’ll reply to you since you first brought it up, but it’s a question to anyone here recommending Molly: what makes you cofident that Molly is secure (i.e. they’re not fucking up Signal’s cryptography by accident) and maintained by trustworthy people. Signal does get audits from time to time, Molly doesn’t.
Mind you, I’m not trying to shit all over Molly; Unified Push looks great. I’m trying to approach this with due caution though.
What makes you confident Signal is secure? It’s a centralised service, so there’s a single point of failure 🤷
at some point Molly started customising Signal’s appearance or rather imposing a coloured theme. Some of us wrote back and we were ignored.
I went back to Signal with black backgrounds.
I use Molly via F-Droid. It will lag a bit behind official Signal by a couple of days usually, but that hasn’t caused any issues so far. https://molly.im/fdroid/





