Since starting this privacy blog, I’ve become more aware of ways privacy can be threatened. One vulnerability is through apps that require smartphone features that are not necessary for the proper functioning of the app itself.
I was looking at the Signal messaging app by Open Whisper Systems. It is mentioned by the Library Freedom Project as beneficial. When I installed it on my Android smartphone I noticed and found troubling that it requires access to almost every feature of my phone when it is installed.
I’m not sure I would recommend it as being helpful for privacy when it requires access to each of these: Device & app history, Identity, Calendar, Contacts, Location, SMS, Phone, Photos/Media/Files and the Camera. I’m not sure whether there are any Android features that it does not need access to.
I can’t imagine that it requires all of those features to function properly and all of them can give highly sensitive information to the app’s owners.
I decided to reevaluate whether Signal should actually be recommended. Since it has unnecessary and unexplained access to so many parts of a smartphone’s capabilities, I decided to uninstall it. Without the LFP recommendation, I would never have installed it to begin with.
The recommendation and its marketing are solely based on the feature that Signal allows you to send private and encrypted messages. However, these access demands make me doubt that it has a net positive effect on user privacy.