You missed my point which was not about whether you could, but about whether someone else could, either from your backup or from a entirely different copy they could have acquired during the original transmission.
Same way I wouldn't trust a gmail/outlook/whatever-apple-named-theirs automatic mail encryption the way I can trust a bulky weird to use pgp one.
Why would they be able to? I haven't heard of any such exploits for Signal, and their crypto as well as their app-related code is open, well-documented, and repeatedly audited.
You're focusing on signal for some reason, ignoring the larger point being made
Also:
> their crypto as well as their app-related code is open, well-documented, and repeatedly audited.
And since nobody builds their executable from source, it doesn't at all guarantee anything about the version I have on my phone right now, unless I do a lot of extra check that virtually no one will do on every update. If whatever entity* aiming for me chose to target a specific update at me on the store that did a clear copy send on the side, I would never know.
* Say, China aiming for a chinese user on whatever chinese app store is popular at the moment, to take the most obvious (but clearly not only) exemple
> And since nobody builds their executable from source
How many people build gnupg or gpg-agent from source?
> Whatever entity
Seems like something your local apt/pacman repository mirror host could do too.
It's a fair concern. I'm not trying to be disingenuous, sorry if it comes off that way. I'm just focusing on Signal because you wrote "modern IM software".
Same way I wouldn't trust a gmail/outlook/whatever-apple-named-theirs automatic mail encryption the way I can trust a bulky weird to use pgp one.