Caria Giovanni - Harpocrates

@[email protected]
108 Followers
140 Following
36 Posts

25+ years in Cybersecurity. Redefining digital defense with a human-centric approach.

Architecting Red Team operations with Sith precision, hunt metadata for sport, and believe that a bad carbonara is a critical vulnerability. 🍝🌌
Author of β€œMars Attacks, Venus Hacks”: why atypical minds are the future of Threat Intelligence.
I write books, I see people, I do things. πŸ“šπŸ‘₯⚑

Dark Sidehttps://centurialabs.pl
Researchhttps://centuriafoundation.pl
VulnerabilityBad Carbonara
AuthorMars Attacks, Venus Hacks: An Eulogy for the "Aliens" Saving Modern Cybersecurity
Githubhttps://github.com/psychomad
Caria Giovanni - HarpocratesMar 16

Signal vs Wire β€” binary analysis of both APKs (apktool, strings, ELF inspection).

The gap is larger than most people think:

Signal: Rust core (libsignal_jni.so), Kyber-1024 post-quantum hybrid ratchet, SQLCipher for at-rest encryption, SVR with Intel SGX attestation, IME_FLAG_NO_PERSONALIZED_LEARNING (keyboard can't index your messages), zero third-party trackers.

Wire: Kotlin/Ktor, no hardened native core (more accessible to Frida), no SQLCipher (messages extractable in plaintext on rooted devices), no post-quantum, Segment SDK for behavioural telemetry.

But the finding that surprised me most:

Wire APKs from unofficial stores (Uptodown et al.) contain additional tracking workers and ACCESS_SUPERUSER permission requests not present in the official build. Supply chain integrity is not a footnote β€” it's the threat model.

Conclusion: Signal is the only one of the two suitable for threat models involving physical or administrative device compromise.

soon the full paper

#infosec #AndroidSecurity #Signal #Wire #ReverseEngineering #mobileforensics #supplychain #MASA