88 comments

[ 2.8 ms ] story [ 69.8 ms ] thread
Reason for removal:

   Because we didn’t provide Google’s review team with a username and password for testing the app. Apparently they didn’t realise they can choose any username and password they like.

Well perhaps next time give the review team a way to login, since they don't know how to use the app?
They have, just after your quote

> We’ve provided Google with a username and password for testing

Seems like they did this after getting removed.
What does this even mean? Username and password for what?

Briar doesn't work like services like HN where you sign up with a username and password.

If they don't know that signing up to apps is a thing, how can you be sure they'd know what to do with a username and password?
I guess I'd have to operate on the only evidence I have to the contrary: there are thousands of apps with authentication in the Play Store that aren't banned.

I think we all know the drill with walled gardens but if you want a fighting shot of getting in they at least give it their guidelines.

There's a multitude of reasons why review teams do not wish to create an account to test your app. Repeat testing is an obvious one, for clutter avoidance (and close relation, namespace pollution issues), email failures, payment barriers, variations between plans and account types, inadvertent secrets reuse, staff unauthorized to accept any additional T&Cs, simple efficiency, the list goes on.
(comment deleted)
A prepared account for them is no good either. It could be a special account, makes the app work differently and all their review is for a manipulated test scenario.
Allowing the assumption of malice to overwhelm all other concerns is rarely a wise process. There are other equally easy ways to trigger alternative behaviour. This is why review teams invest in static analysis tooling.
Surely they know. Providing credentials is just part of the standard review process.
I'm sure they are perfectly capable of signing up. But, I'd bet they are expressly forbidden from doing it.

Signups typically involve agreeing to some terms, and you absolutely don't want company employees working their official job duties agreeing to random T&C's.

So app review is just not going to review the signup flow of an app? It can contain anything and they won't check it?
Are staff allowed to accept terms and conditions for apple?
Why wouldn't the terms and conditions the developer agrees to resolve this problem? i.e. "by submitting this application you grant us a waiver allowing our review team to test your application without agreeing to your terms and conditions"
As I understand it, it's not a signup as such. Account details are stored locally only. It wouldn't make much sense to require signup for an app whose whole point is to be decentralized.
Google recently turned on new checks that are throwing apps out the store w/o warning. I'm dealing with Google now for an app, and it's worse than anything I've dealt with on Apple's app store. Like usual, anything from Google that requires a human, becomes problematic.
That's such a basic fumble that the "Secure" in "Secure Messenger" should have a big question mark.
This seems like victim blaming. Removing the app from the play store seems like much too harsh of a punishment for a simple procedural oversight. To me it seems like a more appropriate response would have been to give Briar a 5 day window to supply credentials and leave their existing app in the play store.
The funny thing is that's how it's done I guess they also forgot to read their emails.
How does this cast doubt on the security of briar?
To me, it sounds the other way around: how good is a test if the tester can't even figure out something that basic? They might follow some strict scenario, but if it's that inflexible, it still casts doubt on the quality. But yeah, just complying with google's rules seems the easiest way out of this.
It's likely automated, so they wanted to have some data to type (even if it's arbitrary such as this case) in for the automated tester to move forward.
Technically Briar doesn't have any kind of signup process, it's only asking you to choose a nickname and a password that will be used to encrypt the content stored locally (and securely store the encryption keys). The nickname is only an arbitrary label shown to other users (multiple users can have the same nickname, but they'll have a different procedurally-generated avatar tied to the actual unique ID).

You can literally type in anything, since there's no server that validate that info.

> Briar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging tools such as email, Twitter or Telegram, Briar doesn’t rely on a central server - messages are synchronized directly between the users' devices. If the internet’s down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the internet’s up, Briar can sync via the Tor network, protecting users and their relationships from surveillance.

Unfortunate timing by Google.

It seems to have been restored again.
With this text as explanation:

> Briar was briefly removed from Google Play because we didn’t provide Google’s review team with a username and password for testing the app. We provided Google with a username and password for testing and the app is now available again.

> ... username and password for testing ...

What kind of username/password?

It's not like you sign up for Briar like when you create an account on HN.

Is it legit? I heard it had been heavily pushed by Russian media…
(comment deleted)
Are you asking if the app is legit (i.e trustworthy and not a honey-pot) or are you asking if the information it has been removed is legit?

I cannot answer the first one, but the second question seem to be legit: the store page returns a not found https://play.google.com/store/apps/details?id=org.briarproje...

It's open source[0] so possible to audit. So yes it's legit.

[0]: https://github.com/briar/briar (mirror)

There's been plenty of cases where an app/package/extension has publicly available source code which differs from what's actually distributed.

However, I do see they have a section in their README regarding reproducible builds for verifying APKs against their source code.

Do you have a source for this?
It's been pushed by WikiLeaks on Twitter to be used by Ukrainians. Due to some people believing that WikiLeaks has been hijacked by Russia, they do not trust the app.

https://twitter.com/wikileaks/status/1497314070738911236

I don't know that "hijack" is the right term here. Skepticism is very warranted. Whatever you think about Wikileaks' mission, their independence, transparency, etc... they have absolutely been used as an asset by Russian intelligence in the past. I think looking very suspiciously at anything they have to say about a conflict involving Russia is just normal prudence.

So much so, in fact, that I've actually seen the contra-conspiracy asserted: Russia made Assange/Wikileaks push this app precisely to drive Ukranians users away from it and into the arms of something else to which they presumably have more visibility.

I wanted to word it neutrally and while I'm not sure about Assange, whoever is behind WikiLeaks Twitter account for sure seems like Russian asset.
I've been usimg the app for several years before Wikileaks tweeted about it, it's not like it came out of nowhere.

And the app is open-source, you can even compile it yourself.

Briar is also available on F-Droid which is a pretty good indication that it's "true" open source and doesn't contain any "spy code" (which doesn't rule out the possibility that unwanted code can somehow be loaded after installing it)
At this point we should probably focus on releases of important software as APKs first, Google Play second. I'd hate it if Google took away my ability to release my product.

Does Android allow installing public keys for specific apps so you don't have to allow all untrusted apps just to install one?

Android lets you trust certain sources of APKs, where Firefox/Chrome/F-Droid are a source. Once enabled it will trust any APK that comes from that source (and obviously a browser can then download any).
> Does Android allow installing public keys for specific apps so you don't have to allow all untrusted apps just to install one?

This is kind of a silly question. The only point of the "Install unknown apps" setting is to make it less convenient to avoid the Play Store. You'll always be asked for confirmation before installing a new app (unless you've rooted your phone to bypass that), and installing an update with a different public key with the existing version uses will fail even if you do confirm the installation.

This isn't about censorship, it's about outsourcing validations to people that work only with a very clear and simple set of rules. Saw the same thing trying to validate a shopify plugin, it was rejected for an equally stupid reason.
FYI: Your logo is not displayed on mobile.
I'm going to open a grocery store and hire an army of management staff, but I'll outsource trivial matters like deciding what products to sell to a third party sweatshop. If any of the products get someone sick I'll point to the terms of service, shrug my shoulders and say "algorithms".
This one isn't black box algorithms behaving badly. You have to supply Play with a working test account for the review process. They didn't. There are definitely cases where an app is taken down for mystery reasons and Google basically cannot explain why but this isn't one of them.
You have to supply Play with a working test account for the review process. They didn't.

Briar has more than 500k installs according to its Google Play page. Why do Google need to remove the app entirely if they've previously accepted and published it? I can understand not allowing an update without the proper review process using a working account, but what's the reasoning behind removing the old version that Google allowed just because they can't review an update? That makes no sense.

Exactly. Unless the app is malicious, Apple tends to force changes during an update. Google appears to have turned on some algorithms in the last couple weeks, and is pulling apps down without warning. Then, this new review process appears to be really poorly run which makes it hard to get the app back in the store.

Also, the developer console itself keeps getting redesigned making it hard to find where to put these new bits of information.

> You have to supply Play with a working test account for the review process. They didn't.

Briar has no registration process. Pick any username and password and you're good to go.

Google's process is probably not used to apps that aren't centralized with a single, third-party service delivering the golden with ticket

There were many installs of this app in Ukraine in recent days, because people are expecting internet problems. Very suspicious decision from Google. And the reason is even more suspicious.
Seen this before with google. I accessed a "sensitive" scope so I needed verification and I'm almost 100% sure this was offshored to some sweatshop. You had to send them a video showing how your app used the scope which I did and in fact had to do multiple times to get the app verified. The whole process was stressful and poorly handled by google.

The sent me an email saying there was a broken link on my homepage (a link to the blog at the bottom of the page which was also at the top). In the email they sent me all the links to google were broken. I asked why did it matter if my website had a single broken link and how this affected using scopes, no response.

The don't speak to you and always send you back pre-canned messages, I got one saying my app was still in development, so communicating in this manner is really difficult.

Btw in terms of security almost all the scopes are sensitive in their system so anything other than login you'll have to go through this process.

I welcome extra security but the process was terrible.

My app update was rejected because I accidentally had a duplication of a word in my description.
Assange endorsed Briar, and urged people in Ukraine to install it when he learned of the invasion. It's about the only thing he's commented on the situation in the outside world for the last two years.
So after a couple of years of silence, Julian Assange finally speaks out to spruik a messaging app?

Colour me skeptical...

The reason he's been silent is that he's been kept in isolation, is deeply ill and has only a fragmentary picture of what's going on in the outside world, based on the little they can discuss openly during visits (knowing everything is recorded to be used against him in any way possible).

Your sneering says more about what color you are.

>has only a fragmentary picture of what's going on in the outside world, based on the little they can discuss openly during visits

And his fragmentary picture includes app recommendations? Skepticism seems like the right call, even though he has a very good reason for his years of silence.

The app has been around in some form since 2014. In promoting it, Wikileaks are relating it to discussions in 2011 with Eric Schmidt, then Google chairman, first published in 2014.

It's not so surprising that Assange would have had strong opinions on both the limits and opportunities of mesh networking, and knowledge about who were working on it who were competent and had sound ideas. Briar got an independent security audit in 2017.

Everything you said in this post about Briar is a better reason to use the app than Assanges prison recommendation.
Well, I'm answering why he would recommend it. But if you couldn't evaluate the technical stuff yourself, you'd do well to trust Assange's (and also Snowden's) recommendation on such things above almost anyone else's.
So the guy who worked with Russian intelligence services recommends an app to people Russia are fighting against?

I would maybe not take that recommendation that easily.

(comment deleted)
Seems it's back again. Probably some Human at Google realized the situation and moved fast?
"Update (February 28, 13:20 UTC): Briar is available on Google Play again."
Welcome to ~~Hacker News~~ Google Support.
I have several questions on this:

1. Is Briar or Firechat open source?

2. Are they actually effective past "within a crowd" range? I.e. has the Bluetooth "networking" ever worked?

3. Is there any way to "secure" traffic?

1. https://code.briarproject.org/briar/briar/tree/master (GPLv3)

2. https://briarproject.org/how-it-works/ any nodes can act as a mule to carry encrypted messages between "bubbles" through either Tor, WiFi or Bluetooth

3. The communications are encrypted all encrypted (at rest and in transit), only those who are added as contacts or part of a forum as a member will have the key(s) to decrypt the communication.

Honestly... I do consider such episodes as purely theatrical: who can be so .... (self-censor, since I have issue finding words that are not insults) to use smartphones for seriously dangerous activism, journalism etc?

Who can trust the bloatload of crap, bugs, backdoors of such devices, even carrying them alone in such situations?

Personally I try, and I'm not alone, to live without smartphones, and some propose to use them as "secure communication tools" for privacy-critical contents?!

Besides "only communicate face to face" how do you propose to do secure communication over a long distance without a smart-phone?
With a desktop computer, running a FLOSS system? Or a classic phone with a simple voice scrambler? For written messages ciphered paper letters, with a classic and simply alphabetic cipher like the classic Vigenère?
Your contact is in a besieged city 100 miles away. They have WhatsApp or Signal and want to send you a message. Are you suggesting the journalist shouldn't have a smartphone that contact could contact you on?
If my contact is besieged in an enemy land where if intercept might suffer bad outcomes I hope for him/her he DROP and hammer-smash his/shes phone time ago. If talking is possible BUT certain topics are taboo then a FLOSS desktop, possibly a VERY OLD one (classic bios, no frill), and some stenography trick, something simple, like abusing zip/gif file format to add extra encrypted information inside, might be used. DEFINITIVELY NOT via a proprietary service.

A thing, that's NOT a personal attack nor something else but here is HN, so a place whose users typically are tech savvy humans: did you really imaging a smartphone as the best/the goto tool to communicate under a dictatorship/secret investigations etc? I'm curious because or you are secretly working for NSA and similar or... I can't imaging how you can be a (stereo)typical HN user.

Supposing I'm a whistleblower communicate with a journalist, well the first mean I choose is passing something physically via trustable third parties, plural in the sense that one should contact another not much linked/unlinked to me who do the same, to make unlikely some small surveillance notice something strange. They just should know they do something "a bit secret" for me without knowing the rest. If he/she have a public GNUPG key I can use it to cipher what I pass but, unfortunately, that's unlikely for most journalist, they simply do not know tech enough. After the first contact I'll try to find a common ground to let him/her understand that I'm not joking and similarly that he/she is interested in doing that. I'll then teach how to use FLOSS tools on a third party computer, with a live USB key, running from ram. I'll keep changing at random the means of communication etc.

If I live under a dictatorship and I'm involved in Resistant activities the last thing I want is hi tech gears around, at least they do my best to appear using and liking them, doing the opposite, trying to be double face. I'll do my best to organize coms via ephemeral/disposable tools, something low tech as possible and hard to massively track.

If I'm a journalist, trapped behind enemy lines, I try to document as much as possible with some kind of deniable encryption, something like not so innocent and badly hidden while the real things are well deeply covered and try to keep a profile as low as possible, including NEVER communicate directly with the other side of the front.

If you imaging going to war with a smartphone in your pocket I sincerely advise you to avoid that at all: you'll be a dead man in a far shorter period of time than normal...

Doesn't the mere situation of crisis/chaos/war in Ukraine with sooo many things being coordinated by either side of the conflict impose a severe bandwith limitation ... such that the ressources (time/hands) have to be carefully allocated ... so that things like tediously going after private communications that might prove useful are just too tedious to actually do?
Regardless of whether Briar was removed by accident or not, I wish the "app store" was separate from google/alphabet. Managed, controlled and run by and independent group. Or that we'd develop a more independent installation culture via apks like we used to do for desktops. 99% of smartphone users are entirely dependent on app stores which are controlled by two multinational companies. It's insane. I'd much rather prefer every nation maintained their own app stores rather than apple and google control it for the whole world. Would be nice if an open source alternative would gain popularity but I'm guessing it's even less likely on a smartphone than on the desktop.
There are at least a few alternative app stores. The problem is: they're not installed by default. We should probably have some choice like we (used to?) have for browsers.

One that I can happily recommend is F-Droid https://f-droid.org/ . In fact, I believe Briar is on it.

Apple rejected one of our apps. I looked at the screenshots they sent, they weren't of our app.

Pointed this out - app passed the review process.