A fork of Signal for Android with proprietary Google binary blobs removed. Uses OpenStreetMap for maps and a websocket server connection, instead of Google Maps and Firebase Cloud Messaging.
Source is on Github in branches whose name ends in '-FOSS'. You can use Github to compare the branch with upstream's release tag of the same version to see the changes.
Frequently Asked Questions
Isn't Signal for Android open source?
Not entirely. All official APKs include multiple closed source Google
dependencies including Firebase Cloud Messaging (for notifications), Maps,
and Authentication. See the
file in Signal's source and look for any lines mentioning
com.google.firebase - these two links search the
whole Signal codebase for files that import those dependencies.
What's the difference between this and official Signal for Android?
Links go to pages describing relevant privacy policies:
|Component:||Signal-FOSS||Signal Website Build||Signal Play Build|
|Updates||Via F-Droid Repo||Built-in updater||Via Google Play|
|Notifications||Websocket to Signal server||Firebase Cloud Messaging if installed, otherwise websocket|
A websocket connection often uses slightly more battery than Firebase Cloud Messaging, which the official client uses for message notification pings.
Signal versions 4.61.4 - 5.3.7 included Firebase ML Vision for facial recognition; this was replaced in 5.3.8 with Android's inbuilt support.
How do I switch between this and an official Signal build?
- Make sure backups are enabled in your "Chats and Media" preferences and you have written down the backup password and made a backup.
- Check your backup exists in the "Signal/Backups" folder on your internal storage.
- Uninstall the application.
- Install the other application and let it import backups on first run.
Can this be distributed on F-Droid?
F-Droid requires the original project's permission to distribute an application in their main repository. I asked for permission on their bug tracker and the Signal developers declined.
How do I compile it?
Clone the Github project, see the
file; you need to add a Base64 encoded Java private key generated from
apksign, and its corresponding
password, both as named Github secrets. Then just push a branch whose name
ends in "-FOSS" and it will compile, sign and release a build.
To build locally, checkout the source and see the
Signal wiki for instructions (or look into the
Reproducible Builds directory for Docker build instructions).
NOTE: Instead of
./gradlew build use
./gradlew assemblePlayFossProdRelease to build without
Google proprietary dependencies. Also, please use
jarsigner if the wiki suggests that.
Can I trust this build?
Builds are automatically generated by Github Actions from source. If you're logged into GitHub check the project's Actions for the relevant build, in the "Sign APKs" step, there's a SHA256SUM listed for each build by filename. Currently the Universal builds are published here. The only new dependency on top of plain Signal is the open source osmdroid library.