It’s the one thing a messaging app shouldn’t do – but for months, a serious Signal bug risked users’ photos being shared to random contacts.
Several users of Signal’s Android app reported that pictures they did not send were appearing in their chats, for no apparent reason. Worse, it’s not clear whether these photos were from the sender’s phone or a completely different user.
We don’t have to explain how this could easily go wrong. As well as driving users crazy, it’s a huge privacy minefield. In the worst case scenario, your pictures could have been shared with your friends’ random contacts. It makes it impossible to use the app if privacy is really a concern.
The issue persisted for seven months as developers tried desperately to hunt down the root of the issue. Now the company has finally shut down the glitch, calling it “rare”. Signal included the fix in version 5.17 of the Android app. You’ll need to update to take advantage.
The bug is a major embarrassment for the company. People concerned about privacy often prefer Signal over WhatsApp because of its end-to-end encryption options and limited data collection. It’s promoted by the likes of whistleblower Edward Snowden, top journalists and cybersecurity experts.
Users first reported the issue in December 2020 but the fix only appeared in July, seven months later.
READ MORE: Ditched WhatsApp for Signal or Telegram? Change these app settings now
The user who spotted the problem described it in detail on the app’s trouble-shooting forum: “Standard conversation between two users (let’s call them party A and party B). Party A shares a gif (from built in gif search). Party B receives the gif, but also some other images, which appear to be from another user (party A has searched their phone and does not remember the images in question).”
“Best case the images are from another contact of B and messages got crossed, worst case they are from an unknown party, who’s data has now been leaked. Luckily in this case they were not sensitive.”
A developer at the company explained why the fix took so long: “We … take issues like this very seriously. This bug was extraordinarily rare, and because we have no metrics/remote log collection, there was an initial period where we had to spend time adding logging and collecting user-submitted logs to try to track it down.
“As soon as we were able to pick up a scent, it was all we worked on, and we were able to get a fix out very quickly.”
Some users weren’t convinced. One commented: “For such a significant bug, we hardly have any detailed explanation of what exactly went wrong and what the general lessons are… A full postmortem will be nice at some point.”
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
