It looks a lot like people have verified my contact on their end, while they have not, this might help imposters or scammers to look trustworthy.
Expected result:
There is a clear distinction between the verified mark from the chat client and user controlled input from contacts.
In a group members list the verified mark even replaces the status in the same line if contact is verified with no notice or anything that could help to spot this simple manipulation.
This security feature should not be so easy to spoof.
Screenshots
For reference, a verified friend of mine in a shared group looks like this.
After i set my status to ✓ Verified, from the perspective of another account, it looks like they verified my account, when in fact, it's just my status message.
This is what my profile looks like, if some set my account to verified, could you tell which ✓ Verified is the one from the client and which is from my status? I sure could not.
The details page makes a small difference between my status and the actual verified, but it's not great.
But it get's worse, when a contact looks at my profile, which has not been set to verified by them, now it looks like i am verified to them.
Details page is no help to figure this out..., the pen could mean anything here.
Bug description
At multiple places in the UI a personal status set to
✓ Verifiedlooks near identical the contact verified mark.HTML Char
✓// SourceSteps to reproduce
✓ VerifiedActual result:
It looks a lot like people have verified my contact on their end, while they have not, this might help imposters or scammers to look trustworthy.
Expected result:
There is a clear distinction between the verified mark from the chat client and user controlled input from contacts.
In a group members list the verified mark even replaces the status in the same line if contact is verified with no notice or anything that could help to spot this simple manipulation.
This security feature should not be so easy to spoof.
Screenshots
For reference, a verified friend of mine in a shared group looks like this.
After i set my status to
✓ Verified, from the perspective of another account, it looks like they verified my account, when in fact, it's just my status message.This is what my profile looks like, if some set my account to verified, could you tell which
✓ Verifiedis the one from the client and which is from my status? I sure could not.The details page makes a small difference between my status and the actual verified, but it's not great.
But it get's worse, when a contact looks at my profile, which has not been set to verified by them, now it looks like i am verified to them.
Details page is no help to figure this out..., the pen could mean anything here.
Device info
Device: iPhone 12 Pro
iOS version: 17.6.0
Signal version: 7.22 (246)
Link to debug log
No debug since this is UI only