signalapp / Signal-iOS

A private messenger for iOS.
https://signal.org
GNU Affero General Public License v3.0

Possible major security breach with Signal contact photos showing outside of Signal with no warning #5718

Closed rael007 closed 7 months ago

rael007 commented 7 months ago

I do believe this is a serious bug, not a feature request. Regardless, I think it needs to be addressed.

Bug description

Possible major security breach with Signal contact photos showing outside of Signal with no warning, and no explicit permission given by users for this to occur. This could gravely compromise the security of a contact whose identity needs to remain closely guarded.

Steps to reproduce

- Install Signal on iPhone. Have your contact install Signal on theirs.
- Create contact inside of Signal, not using iPhone contacts. Have your contact do likewise.
- Set your contact photo.
- Send a message to your contact.
- Have them reply to you, perhaps do this a few more times.
- Contact then goes to photos in iPhone, selects the Share icon.
- Actual result: My contact photo, created entirely within Signal for private sharing between me and my contacts, is displayed outside of Signal as one of the options to whom to send the photo, a major security breach for the user whose contact photo is displayed outside of Signal.
- Expected result: What should not appear, ever, except with explicit intent and proactive setting on the part of the Signal user, is my contact photo as one of the options to which to send the photo. What should appear is beyond the scope of me to say, but it would be acceptable for the Signal app itself to appear, along with photos of non-Signal contacts, or, conceivably, contact photos from Signal contacts should you explicitly make a choice for those to appear outside of the app. It is entirely unacceptable for this to be any kind of default behavior, especially one that is difficult to debug and undo.

Screenshots

Device info

Device: iPhone 15 Pro Max

iOS version: 17.1.2

Signal version: 6.50.1.0

Miguel-Signal commented 7 months ago

Hi @rael007

It sounds like you may not want Signal to appear in the share menu. You can configure this by swiping to the end of the list of apps that appear after tapping on the share button in any app, tapping 'More', tapping 'Edit', then toggling off Signal in the list of suggested apps to appear.

rael007 commented 7 months ago

No, this is not what I want. As I mention in the bug report: "it would be acceptable for the Signal app itself to appear". I am not worried about the Signal App itself. I am worried about the contact profile photo appearing before the Signal app itself as one of the choices.

Miguel-Signal commented 7 months ago

What would be the ideal behavior here? To have your profile photo not appear in the share menu but still appear everywhere else? Is there another app you use that does this?

Thanks for helping us understand your use case!

rael007 commented 7 months ago

The ideal behavior would be that the profile photo not appear in the share menu, nor, presumably anywhere else outside of Signal unless I configure that behavior explicitly. So, when you say "everywhere else", that is not quite right. I don't want it anywhere outside of Signal unless perhaps I explicitly configure things to allow that.

If I were to speculate, I believe the issue is that something in iOS is "learning" (in other words "snooping") from Signal about these contact profile photos somehow, perhaps it is Siri doing this. It is possible that the only way to prevent this is to have the user manipulate a setting in iOS before they start to use Signal. Or, perhaps, it is possible that a code change in Signal could prevent this unauthorized snooping into what is supposed to be very, very private data within Signal.

Miguel-Signal commented 7 months ago

We appreciate you taking the time to give us feedback and suggestions on hiding your profile photo in the share menu only. I will share it with our developers.

Due to the limitations of iOS and how the share menu works it would be helpful to know if you've experienced the behavior and customizability you want with another app.

In the meantime we would encourage you to provide this as a feature request on the community forum, which can be found here: https://community.signalusers.org/