Exactly. Also, there was a post a few days ago about google secretly installing an app on Android phones, something to do with automatically blurring nsfw images in messages. Who knows what else it is capable of, or if there’s software on our phones that won’t show up anywhere (list of apps, running processes, etc.).
Interesting times…
I agree with using open source software, but the source code of said chat apps is just one part of the equation.
AFAIK cryptography implementation relies on the operating system / firmware the app is running on (they tend to be closed source). Most implementations rely on random generators provided be the operating system. Doesn’t really matter how good the encryption implementation is in the chat app if the software it relies on is compromised - see book I recommended above (The hacker and the state).
I suspect it’s the latter one. The book titled “The Hacker and the State” goes into detail about how it can be done (or may have been done in the past). A fascinating read for anyone interested in the subject.
Obsidian asks for the permission upon first launch, but if you don’t give it access it won’t work at all (it’s a required permission for the app).
you can use an android firewall to block Internet access from the app
True, however, AFAIK if your phone is not rooted, you can’t have a firewall and VPN running at the same time (the firewalls I’ve seen must be configured as VPN).
not the privileges that obsidian has
Also true, although Obsidian has access to that shared storage, and therefore, Obsidian being closed source, you have no way of knowing what they do with the files other apps create in that storage directory. I’m not saying they are acting maliciously, but I don’t like this approach (software vulnerabilities, supply chain attacks, etc.). The devs recognized the issue in another thread, but there’s no solution to the problem as of yet.
I’d love to use this setup, however, the Obsidian Android app requires a kind of file access that is concerning:
Obsdian uses a shared location “/Documents” so that other apps can access the files (e.g. third party sync services) or add stuff.
It’s a no-go for me. :/
I’ve got one of these and I really like it. It’s expensive compared to other brands, but I’ve had it for 5 or 6 years, and it still works perfectly. It’s got a few scratches but that’s acceptable given that it’s been used for years on a daily basis. Highly recommended.