Removing App Doesn't De-Register for Push?

[tjharman]

Is this possible even with the Android Ecosystem, I don't know.

All I know is a friend installed it, had a play, didn't like it and uninstalled it. But I still see them as registered for PUSH, even after a refresh.

For the moment I've suggested he reinstall, deregister and then uninstall.

[moxie0]

Supposedly GCM will eventually tell the server he's uninstalled, but the fastest thing to do is explicitly unregister.

[androclus]

i'm not clear as to why uninstalling doesn't automatically de-register the user, or at least ask them if they would like to de-register? android / play store does not provide a hook for this?

[moxie0]

it does not

[meow81]

I have the same experience. I'm on Android, a friend is on iPhone (the platform is irrelevant I suppose). He uninstalls the app after a while, meawhile Signal still shows him as registered. It took me several weeks to finally realize he was never receiving my texts because Signal was still attempting to push him secure messages, but he no longer has the app. It's frustrating because you have no control whether your contacts will continue to use the app.

Ask: Signal must unregister a user when they uninstall the app. Why doesn't it?

As it is right now, I have to long press on the send button for EVERY message to this person to ensure it's being sent as a SMS and not a signal message.

Also, I'm using the app as my default messenger whereas my friends are not. They occasionally use it to securely chat with me. Would be nice if I could have a secure chat with them and a separate regular SMS/MMS chat with them. so I don't have to toggle between the modes per message.

[tjharman]

Because there is no way for an app to know it's been uninstalled. Android doesn't fire any "Oh hey you're getting uninstalled!" type of broadcast/intent etc.

Android just walks up behind the app and shoots it in the head. It doesn't say to it "Hey, any final words?"

Get your friend to go here: https://whispersystems.org/textsecure/unregister/

Follow the steps. Or even do it for him/her then ensure they click on the message.

Done.

[meow81]

still not a good solution. the contacts I'm referring to were using the iOS app, not Android, but not sure that makes a difference here. Also, I akready shared the unregister help page, but they haven't done it. Average users wouldn't know to do this and shouldn't have to be instructed to do so. So signal just collects phone numbers as registered perpetually? How does that make sense for the Signal users that remain? From their perspective, Signal will continue to try and push secure messages to users that don't have the app installed leaving the sender unaware.

So users are left to wonder what's going on when their contact decides not to use the app any longer. You have no idea why they don't respond. I guess I'm realizing that I may not be able to use Signal as my default SMS/MMS because of this scenario. I may restrict it to secure messaging only so this scenario can't happen. I loved the convenience of having all the messaging in one spp.

[tjharman]

This is true of all messaging apps. I know people who have removed Viber from their phone. You can send them messages, they time out. Whatsapp etc.

It's a universal problem. There's no easy solution. You could "time out" accounts after a period of inactivity, but how long should that be? What is the user ships their phone from New Zealand to the UK? That takes 3 months. Should their account be deactivated?

I'm sure if you can think of a better solution it'd be welcomed, but no one (as far as I'm aware) has come up with a good solution to this problem. Even iMessage suffers from it. All solutions at the moment require the user to

1) Deregister before uninstalling 2) Following some sort of uninstall progress with the website/company.

This is why Signal (and most other apps) show you the 1 tick 2 tick thing. 1 tick, Signal's server got it. If it never goes to 2 ticks but you know the person still has their phone etc, you can be pretty sure they've uninstalled the app.

[tjharman]

META/OFFTOPIC: Wow I can't believe I'm responding to a ticket I originally opened asking the same question.

[meow81]

I think the issue really comes down to I'm attempting to satisfy both of my messaging needs (secure/sms,mms) with one app. Whereas in the past I was using apps like telegram, whatsapp, etc. as standalone apps for a single use case. I suppose if I only use Signal for the secure need, then I wouldn't really run into this scenario because the casual trial type users in my contact list I probably would only be sending them SMS. So if they decided to try signal and bail, I likely would have only been sending them SMS in the other app anyway. The ones I truly use Signal with are a select few people for specific reasons where we want to communicate securely and are willing to make the effort.

lol about the ticket age. yours was the first search result that looked the most relevant to my issue. I hadn't even noticed the age of it or that it was closed. sorry abouyt that and thanks for responding.

[brjhaverkamp]

Hello all, I was bitten by this bug as well. I cant sent messages to a particular contact because Signal still thinks this contact is using Signal. And I cant really ask this contact to unregister..

I understand the technical reasons why automatically unregistering someone is difficult. But there should be an option to circumvent this issue.

It would be good to have an option to force my Signal messenger to not send encrypted messages to a particular contact. Or to override the asumption that the other sde is using Signal.

It should also be doable that there is a deactivation of an account after x months of not being used. 4 or 6 months seems reasonable.

Regards,

Bert

[tjharman]

You can hold down the send button to be given the "send as an SMS" option, at least on the Android app.

[brjhaverkamp]

Indeed, so part of the solution is there. However, having to think and remember to hold down the send button to be given the "send as an SMS" is a pain an not very userfriendly.

What Im asking for is an option "this contact is not using signal (anymore)" and all texts are send as SMS from then on.

[brjhaverkamp]

To add, this problem is currently accumulative. I now have only one contact, but in a while there might be more. Having to remember who to send plain SMSes to is not really an long term option..

[nevercast]

I'd like to see a "Default: Unencrypted" option under the Conversation menu for a Contact. This would get around this issue. Obviously default would always be Encrypted if it was available, but can be forcefully overridden by the sender once from 'Conversation settings'.

[matslarson]

Agreed. Obviously the ideal solution is a way for the Signal server to recognize that the app has been uninstalled and automate the deregistration of the number, but in lieu of that functionality, which currently doesn't exist, adding an option for the sender to default the offending recipient to insecure SMS seems like a reasonable (and trivial to implement) workaround.

[deutrino]

See also #2285

[duaneking]

Just fully removed Signal from all organizational devices because of this issue. Its NOT OK that somebody has their life put at risk due to not being able to get messages due to this critical defect.

[tjharman]

@duaneking How do you suggest this issue is resolved, when Android doesn't have any way to let the App know it's being uninstalled?

[duaneking]

This is also an issue on iOS; its not android specific. Human lives are being risked, and all I'm seeing are jr devs making jr dev excuses instead of taking ownership of the code they write like adults, so let me say this: It Is NEVER OK TO ALLOW YOUR CODE TO HARM PEOPLE.

If you are modifying the persons phone in a way that does not allow people to get their messages if they do not have the app installed, then you have already failed to safeguard lives and the purity of the communication channel. Delete all code and start from scratch.

Its stuff like this that is the reason I had to worry about the FCC when I worked at a phone company to help rebuild their messaging stack; If Signal as a company was a full CLEC (Phone Company) this defect would make the application illegal to install on phones because it violates our right to free speech,, actively gets in the way of free speech by blocking communication, and actively puts lives at risk.

[tjharman]

Lovely rant but you didn't answer my question.

[duaneking]

You are asking me to fix the for-profit companies bad architecture? When they have investors?

[meow81]

I think if Signal wasn't marketed as being able to also be your default sms app, then this wouldn't be as much of an issue. In my case, the issue was really obvious when I was using Signal as my default sms app. Once I went back to another app for SMS and only using Signal for secure messaging or a standalone messenger, I don't have the issue because the contacts that previously tried and bailed on Signal I text without issue outside of Signal.

Doesn't solve the issue of being able to send messages into a blackhole of still registered but inactive users, but just wanted to share that's how I work around this. I only use Signal for secure messaging with a select few contacts. Default SMS app is outside of Signal.

[tjharman]

@duaneking My company? I'm just a user like you, except that I'm aware of how free open source software works and therefore I don't expect everything to be handed to me on a platter like I'm entitled to it. I have nothing at all to do with OpenWhisperSystems nor Signal development.

You're so convinced the software is at fault, all I was asking for is the process by which it should be fixed. It's so very easy to stand at the sideline shouting "It's broken", I was asking you to try shouting some suggested fixes instead, though to be honest I knew you wouldn't, that was obvious from your tone straight away.

@meow81 There's no doubt it's an issue - that's why this ticket exists. The problem has no easy solution, I work around the issue the same way as you. Sometimes I text a user on Signal, then realise they're not getting the double tick delivered. If this is the case I'll often SMS them "Have you uninstalled Signal?" and if they say yes, I SMS them the instructions to manually unregister.

Regardless, the question is simple: How can Signal know if a user has uninstalled Signal vs having their phone turned off for 4 weeks for some reason (they're in hiding or similar?) If someone comes up with a clever answer to this, this problem could be solved.

Personally the only solution I can think of is an additional app is installed to monitor if Signal is installed or not. They both monitor each other and if either is uninstalled, Signal server gets notified of an un-register. Of course no one expects or wants to install two apps, so this solution doesn't fly.

[duaneking]

This isn't free/opensource software in that sense. The company has investors, is the impression I have gotten from watching VC social media accounts.

This could be fixed through a dramatic architecture of the entire system, a marketing re-branding to remove the idea that this should in any way compete with or otherwise fully replace the default of SMS/MMS , and an acknowledgment that if they block messages at all in any way they should be rightly pulled from the app store.

The issue at hand is this defect is systemic to their very broken design for this system. Its not a simple fix. They are also attempting to do what i would consider to be "bad things" on a phone where this is installed, and people who run the android/iPhone app stores may not be aware that this issue is effectively a full denial of service attack against SMS and MMS on the users phone.

The question is not "How can Signal know if a user has uninstalled Signal vs having their phone turned off for 4 weeks for some reason (they're in hiding or similar?)". That's a false question that assumes that this is the right architecture to begin with, when it is clearly not as it puts lives at risk and actively censors people from getting messages.

The correct question is actually "How do we make best effort to encrypt and secure the communications channel, while at the same time allowing people to still get messages sent to them without putting their lives at risk or censoring people"?

The reason that android/ios/etc does not support a "am I being uninstalled" hook is because it would just be massively abused by malware and is considered massively insecure. That's not the direction ANYBODY wants to go, and if people are claiming its the only reasonable direction then they either don't understand security, or they are actively maliciously lying to you.

[moxie0]

@duaneking I don't know in "what sense" this isn't "free/opensource software," but since you're so tightly in the loop, can you please tell our "investors" to contact us? We haven't heard from them (ever, actually). This is not a business.

It sounds like you're not a user, so I don't know why you're posting here, but if you do have constructive input, the forums are the place for that.