Signal-FOSS
A fork of Signal for Android with proprietary Google binary blobs removed. Uses OpenStreetMap for maps and a websocket server connection, instead of Google Maps and Firebase Cloud Messaging.
Download
DISCLAIMER: You might want to consider the officially supported APK download from Signal if you don't mind proprietary dependencies. This is an unofficial client with no guarantees of timely (or any) updates. It's licensed under GPL3, like Signal, meaning it has no warranty and you use it at your own risk. Signal is a registered trademark of the Signal Foundation in the USA. This connects to Signal's servers, all terms from their Privacy Policy apply.
Binary
F-Droid Repository:
https://fdroid.twinhelix.com/fdroid/repo?fingerprint=7B03B0232209B21B10A30A63897D3C6BCA4F58FE29BC3477E8E3D8CF8E304028Click or copy/paste the above link into the F-Droid app, and it can automatically download and update this application.
Current version direct download:
Source Code
Source is on Github in branches whose name ends in '-FOSS'. You can use Github to compare the branch with upstream's release tag of the same version to see the changes.
Frequently Asked Questions
Isn't Signal for Android open source?
Not entirely. All official APKs include multiple closed source Google
dependencies including Firebase Cloud Messaging (for notifications), Maps,
Authentication and (since v5.24.15) Wallet/Payments. See the
app/build.gradle
file in Signal's source, or search the codebase for for any imports of
com.google.android.gms or
com.google.firebase - these two links search the
whole Signal codebase for files that import those dependencies.
The Signal developers explain their reasons here.
What's the difference between this and official Signal for Android?
Links go to pages describing relevant privacy policies:
| Component: | Signal-FOSS | Signal Website Build | Signal Play Build |
|---|---|---|---|
| Updates | Via F-Droid Repo | Built-in updater | Via Google Play |
| Notifications | Websocket to Signal server | Firebase Cloud Messaging if installed, otherwise websocket | |
| Maps | OpenStreetMap | Google Maps | |
| Donations | Not supported in-app | Google Wallet/Payments | |
A websocket connection often uses slightly more battery than Firebase Cloud Messaging, which the official client uses for message notification pings. Maps and in-app Donations in both official builds only work on devices with Google Apps (GAPPS) installed, otherwise the map is blank.
Signal versions 4.61.4 - 5.3.7 included Firebase ML Vision for facial recognition; this was replaced in 5.3.8 with Android's inbuilt support.
Does GPS work?
GPS works for maps, but can be slow on phones without Google's location services installed; consider waiting a while, or installing another location provider to accelerate GPS locks like UnifiedNLP.
How do I switch between this and an official Signal build?
- It's best to switch between identical versions of Signal.
- Make sure backups are enabled in your "Chats and Media" preferences and you have written down the backup password and made a backup.
- Check your backup exists in the "Signal/Backups" folder on your internal storage.
- Uninstall the application.
- Install the other application and let it import backups on first run.
Can this be distributed on F-Droid?
F-Droid requires the original project's permission to distribute an application in their main repository. I asked for permission on their bug tracker and the Signal developers declined.
How do I compile it?
Clone the Github project, see the .github/workflows/android.yml
file; you need to add a Base64 encoded Java private key generated from
keytool named apksign, and its corresponding
password, both as named Github secrets. Then just push a branch whose name
ends in "-FOSS" and it will compile, sign and release a build.
To build locally, checkout the source and see the
Signal wiki for instructions (or look into the
Reproducible Builds directory for Docker build instructions).
NOTE: Instead of ./gradlew build use
./gradlew assemblePlayFossProdRelease to build without
Google proprietary dependencies. Also, please use apksigner
instead of jarsigner if the wiki suggests that.
Can I trust this build?
Builds are automatically generated by Github Actions from source. If you're logged into GitHub check the project's Actions for the relevant build, in the "Sign APKs" step, there's a SHA256SUM listed for each build by filename. Currently the Universal builds are published here. The only new dependency on top of plain Signal is the open source osmdroid library.
Credits
- Molly.im (Valldrac)
- For Firebase Messaging stubs from Molly-FOSS.
- Fumiakiy Yoshimatsu
- For OpenStreetMap support.