[Feature] Backport Anti-Forensic from Molly.im (Fork of Signal)

[xyz-nobody]

Since Session is a fork of Signal.

I think it would be possible to recover some of the Molly.im code, which is also a Signal fork.

To enhance Session's anti-forensic qualities.

Session currently has only one Anti-Forensic security measure:

Manifest android:allowBackup="false"

And that, alas, is not enough.

You could recover 3/4 functionality quite easily, giving Session a big Anti-Forensic competitive advantage.

Encrypted

Protects database with passphrase encryption.

Automatic locking

Locks down the app automatically when you are gone for a set period of time.

RAM Shredding

Securely shreds sensitive data from RAM.

Disappering Messages and Phone Calls

Default for all new conversatoin.

Molly.im also displays the number of devices (master, slave).

The black point that worries me is the operation of the multi-device with the seed phrase.

After going through the faq and other documents. I don't see how it's possible to :

• know how many devices are connected
• Disconnect all other devices

As a result, it's impossible to know whether an attacker has succeeded in recovering the Seed and is therefore consulting all our messages.

It might be interesting to know the number of devices connected, or not connected for X amount of time.

I don't know if your protocol supports this.

[tashijayla]

The fact of the matter is code is complicated and it's not as simple as you just copy other people's code and get a great product, their is no point in Molly's (passphrase to secure the local message database) because of androids file-based encryption. Session has a completely different cloud Infrastructure, Session is Decentralized Molly-Slignal isn't. It's way harder to build Decentralized application's. I think the Session devs are most likely to continue removing useless signal-Molly code that is completely useless for Session and is one of the many reasons why Session has been so buggy' it's because it's got a tun of code that was never written for a Decentralized application like Session. The best thing we can all do is be patient while the devs right custom code for the job that in the end will be super reliable. Thanks for trying to help though

[xyz-nobody]

I'm not talking about the centralized side.

Molly has done a lot of work on the Anti-Forensic side of Signal.

This same anti-forensic work can be used to improve the Session client.

Session is great. But that doesn't mean we shouldn't take a look at what competing applications with the same base (Signal) are doing.

[KeeJef]

Although Session is a fork of Signal much of the code has significantly diverged since the original fork, so it would be unlikely that we could cleanly merge back much of the Molly.im code.

Theres a few things being requested in this issue so ill cover them as individual requests

Pin Encrypted Database

This is a duplicate of #424

Automated locking

Is the current "Screen lock" feature on Android insufficient?

RAM Shredding

If you could open a new issue for this would be happy to track, looks like this is what Molly.im does https://github.com/mollyim/mollyim-android/issues/25

Disappearing messages and Phone calls

Not sure what the request is here, do you just want the control message which indicate a phone call was made to also disappear? If so that will be coming in the upcoming disappearing message update

Show Linked devices

This issue can be opened on Session Android too we have a desktop issue tracking here too https://github.com/oxen-io/session-desktop/issues/2180