Signal-FOSS

A fork of Signal for Android with proprietary Google binary blobs removed. Uses OpenStreetMap for maps and a websocket server connection, instead of Google Maps and Firebase Cloud Messaging.

Download

DISCLAIMER: You might want to consider the officially supported APK download from Signal if you don't mind proprietary dependencies. This is an unofficial client with no guarantees of timely (or any) updates. It's licensed under GPL3, like Signal, meaning it has no warranty and you use it at your own risk. Signal is a registered trademark of the Signal Foundation in the USA. This connects to Signal's servers, all terms from their Privacy Policy apply.

Binary

F-Droid Repository:

https://fdroid.twinhelix.com/fdroid/repo?fingerprint=7B03B0232209B21B10A30A63897D3C6BCA4F58FE29BC3477E8E3D8CF8E304028

Click or copy/paste the above link into the F-Droid app, and it can automatically download and update this application.

Current version direct download:

Signal-FOSS v5.13.8.0 APK

Source Code

Source is on Github in branches whose name ends in '-FOSS'. You can use Github to compare the branch with upstream's release tag of the same version to see the changes.

Frequently Asked Questions

Isn't Signal for Android open source?

Not entirely. All official APKs include multiple closed source Google dependencies including Firebase Cloud Messaging (for notifications), Maps, and Authentication. See the app/build.gradle file in Signal's source and look for any lines mentioning com.google.android.gms or com.google.firebase - these two links search the whole Signal codebase for files that import those dependencies.

What's the difference between this and official Signal for Android?

Links go to pages describing relevant privacy policies:

Component:	Signal-FOSS	Signal Website Build	Signal Play Build
Updates	Via F-Droid Repo	Built-in updater	Via Google Play
Notifications	Websocket to Signal server	Firebase Cloud Messaging if installed, otherwise websocket
Maps	OpenStreetMap	Google Maps

A websocket connection often uses slightly more battery than Firebase Cloud Messaging, which the official client uses for message notification pings.

Signal versions 4.61.4 - 5.3.7 included Firebase ML Vision for facial recognition; this was replaced in 5.3.8 with Android's inbuilt support.

How do I switch between this and an official Signal build?

It's best to switch between identical versions of Signal.
Make sure backups are enabled in your "Chats and Media" preferences and you have written down the backup password and made a backup.
Check your backup exists in the "Signal/Backups" folder on your internal storage.
Uninstall the application.
Install the other application and let it import backups on first run.

Can this be distributed on F-Droid?

F-Droid requires the original project's permission to distribute an application in their main repository. I asked for permission on their bug tracker and the Signal developers declined.

How do I compile it?

Clone the Github project, see the .github/workflows/android.yml file; you need to add a Base64 encoded Java private key generated from keytool named apksign, and its corresponding password, both as named Github secrets. Then just push a branch whose name ends in "-FOSS" and it will compile, sign and release a build.

To build locally, checkout the source and see the Signal wiki for instructions (or look into the Reproducible Builds directory for Docker build instructions). NOTE: Instead of ./gradlew build use ./gradlew assemblePlayFossProdRelease to build without Google proprietary dependencies. Also, please use apksigner instead of jarsigner if the wiki suggests that.

Can I trust this build?

Builds are automatically generated by Github Actions from source. If you're logged into GitHub check the project's Actions for the relevant build, in the "Sign APKs" step, there's a SHA256SUM listed for each build by filename. Currently the Universal builds are published here. The only new dependency on top of plain Signal is the open source osmdroid library.

Credits

Molly.im (Valldrac): For Firebase Messaging stubs.
Fumiakiy Yoshimatsu: For OpenStreetMap support.

Changelog

5.13.8.0-FOSS

Pulled new upstream.

5.12.3.0-FOSS

Pulled new upstream.

5.11.5.0-FOSS

Updated Java version to 8.0.292.

5.10.8.0-FOSS

Added patch to remove new GMS import from emoji/EmojiJsonParser.kt

5.9.7.0-FOSS

Pulled new upstream.

5.8.10.0-FOSS

Pulled new upstream.

5.7.6.0-FOSS

Specified Java version in android.yml and boosted Java/Gradle memory.

5.6.3.0-FOSS

Pulled new upstream.

5.5.5.0-FOSS

More build types in libfakegms to match upstream.

5.4.12.0-FOSS

Added some more required Firebase messaging stubs.
Changed map text URLs to openstreetmap.org.

5.3.9.0-FOSS

Removed Firebase ML Vision from libfakegms as Signal has switched to using Android's inbuild FaceDetector.
Added getMessageId() and onDeleteMessages() to Firebase stubs.
Tweaks to CI workflow, logs SHA256 of signed builds.

5.2.3.0-FOSS

Changed CI signing to use apksigner instead of jarsigner to make V2 signatures for better compatibility.
Added a couple of extra map types if other forks want to use this.

5.1.9.0-FOSS

Added Github CI script to automatically build and sign releases.
Added "perf" buildtype to libfakegms.

5.0.8.1-FOSS

Added OpenStreepMap support thanks to Fumiakiy Yoshimatsu.
Switched SDK/tools version in libfakegms to use variables.

5.0.8.0-FOSS

A fix for file transfers from valldrac.

4.77.3.0-FOSS

Worked around a FcmReceiveService 'Instantiatable' error by disabling that check in lint options :(.
Added more flavor dimensions to match upstream - production/staging.

4.75.8.0-FOSS

Refactored code into "libfakegms" library in project folder.
Adopted Firebase Messaging and ML Kit Vision stubs from valldrac.

4.61.6.0-FOSS

Signal added Firebase ML Vision binaries. Dummy file to override.

4.61.0.0-FOSS

Worked around Signal using GMS libs for array concatenation.

4.60.5.0-FOSS

Initial release.