Another article, much better and presents in more detail that Olvid was audited on an older version and chosen because it was French and they applied for it (French) https://www.numerama.com/tech/1575168-pourquoi-les-ministres-vont-devoir-renoncer-a-whatsapp-signal-et-telegram.html

Google translate link original post : https://www-lepoint-fr.translate.goog/high-tech-internet/les-ministres-francais-invites-a-desinstaller-whatsapp-signal-et-telegram-29-11-2023-2545099_47.php?_x_tr_sl=fr&_x_tr_tl=en&_x_tr_hl=fr&_x_tr_pto=wapp

The translation has some mistakes but good enough to understand the context.

Here is a short summary :

Olvid passed a 35d intrusion test by Anssi (French cybersecurity state organisation) experts or designated experts, with code examination without finding any security breach. Which is not the case of all other 3 messaging apps (either because they didn’t do any test, or because they didn’t pass).

This makes WhatsApp, signal and telegram unreliable for state security.

And so government members and ministerial offices will have to use Olvid or Tchap (French state in house messaging app).

More detail in the article.

  • hedgehog@ttrpg.network
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Signal isn’t much better in this regard. They certainly don’t work directly in the public repos - they have internal repos that they work from and they push updates from them to the public repos after the fact.

    I’m not sure about the current state but when I looked into it a couple years ago, their client side repos were around a year behind. I recall reading some issues stating that the client was so far behind that the server was refusing to communicate with builds of it.

    • bamboo@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Signal’s official policy is that third party clients aren’t permitted, and lacks reproducible builds for their android client. Even if the open source code was up to date, using it without patching it to use a custom server would be a TOS violation.