mollyim / mollyim-android

Enhanced and security-focused fork of Signal.
GNU Affero General Public License v3.0
1.58k stars 86 forks

Verifying a contact's new security number with original signal device while molly device is linked prevents new messages from being received on the original device #223

Closed 7heo closed 8 months ago

7heo commented 11 months ago

Is there an existing issue for this?

Bug description

Possibly related to #211.

Basically what the title says:

Verifying a contact's new security number, with the original signal device, while the molly device is linked, prevents any new messages from being received on the original device.

Steps to reproduce

  1. Install signal 6.35.3 on an android 8.1.0 (LOS) device
  2. Register a signal account on the device using a phone number
  3. Add a contact, verify them
  4. Install molly 6.34.5-1-FOSS on an android 11 (LOS) device
  5. Link the newly installed molly to the original signal client
  6. Enjoy the use of several clients, each on a separate phone
  7. Convince the verified contact to use Molly, with the same phone number, but without using the backup/restore or transfer feature
  8. Have a message of a new verification number pop up on the conversation in the original signal device, when using a different uplink with the original (android 8) and linked (android 11) devices.
  9. Proceed with the verification process on the original (android 8) device, without going on the same uplink as the linked (android 11) device.
  10. Only get new messages on the linked (android 11) molly device, while the original (android 8) signal device can send normally, but not receive (neither messages nor receipts), from any contact, including self.

Note: I included precise version numbers for all software out of precaution. I suspect the OS does not matter. I suspect the Molly device conflicts with the new device signature, and causes a dissociation in cryptographic signatures sent to the server, leading to the server marking the device that verified the new number as "compromised", or untrusted.

Restarting both client software did not fix it.

Molly version

v6.34.5-1-FOSS

Android version

Android 11 (LOS)

Device

OnePlus 3T

Link to debug log

No response

johanw666 commented 10 months ago

I installed Molly 6.40.4 commit https://github.com/mollyim/mollyim-android/commit/f87790cac4faf62fc0c07600e3dbbd67730308c6 on my device as a linked device. I run Signal 6.41.1.0-JW on the other.

I marked some user verified on the Signal device, it synced with the linked Molly. I sent a test message in a group and it arrived on both devices. Does this mean Molly 6.40.4 fixed it?

7heo commented 9 months ago

I have to apologize, but I omitted a crucial piece of information:

When I did steps 8 and 9, I was on a different uplink with the two linked devices. With a different ISP, different IP, etc.

So, to replicate, it is important to take this into consideration too. I will edit my bug report to include this information.

Due to this fact, I suspect that this bug might be related to signal's closed source "spam protection" measures (I do not believe linked desktop devices can do anything wrt verification).

7heo commented 9 months ago

Another important fact is that I started receiving messages on my original (android 8) device, with a one month (give or take) delay. It is not every time I turn it on, but it is somewhat regular: whenever I turn the device on, there is a good chance it will get messages from the conversations I had on the linked (android 11) device, about a month prior.

valldrac commented 9 months ago

@7heo Thanks for the detailed report. Signal is making server changes related to this. Can you try and see if this problem happens with the latest version of Molly?

valldrac commented 8 months ago

I assume this issue is fixed. If not, please let me know. Closing now.

7heo commented 8 months ago

I don't have anyone to try this with. However, my Signal phone still lags several weeks behind Molly. I'm not sure how much of this is related to Signal, or related to Molly, or if it is even something I triggered by using my Signal phone to "sign" a contact with a different uplink while my Molly phone was on my "usual" uplink. I have unfortunately absolutely no time to allocate to this atm. I'll see if I can in the fall; I might have time again.