New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce Threat model #782

kmindi opened this Issue Feb 26, 2014 · 5 comments


None yet
5 participants
Copy link

kmindi commented Feb 26, 2014

It would be good to know what attacks/threats were already considered in the current design and how they should be prevented. Additionally it would make sense to add those which were left out or are not considered at the moment.

Maybe this could be done in the context of a wiki page.

Threat related Issues


  • #934 MasterSecret implements Parcelable, secure?
  • #1299 Improve privacy of contact discovery
  • #1725 Creating of group leaks name and included numbers to participants before any message is sent
  • #3080 Everyone who has my phone number can figure out that I use textsecure
  • #4300 different certificates served to my home internet connection vs. cell data (fits in more categories)
  • #5100 SSL Certificate Problem
  • #5618 Protection against Retroscope
  • #5724 Hyperlink previews

Being forced to do something:

  • #175 Quick way to wipe message database
  • #1512 Secondary Password to Erase All Messages

Traffic Analysis:

  • #878 Prevent Traffic Analysis
  • #328 Feature request: Sending dummy short messages

Message Security

  • #1073 Forwarded SMS not being encrypted when not touching text
  • #1716 Reading "Encrypted" Messages without Password
  • #1764 Enable sender to delete own messages from all parties in the conversation (more elaborate than #900)
  • #2461 IV is zero on Android 4.3


Application Locking:

  • #784 Optional Lock
  • #1388 Adaptively block recurring password entries
  • #268 Feature request: Lock TextSecure upon connection to usb
  • #1474 After Crash Wrong Password Allowed Entry
  • #2761 Make disabling passphrase password protected
  • #3017 Login Screen and last character of password visible in app switcher
  • #4132 Lock screen with PIN entry not using FLAG_SECURE (PR #4152)
  • #5116 App does not prompt for password

Application Storage Security:

  • #4 Switch to page-level database encryption
  • #184 Too few rounds of PBKDF2 when encrypting master key with password
  • #247 MasterSecretUtil salt size of 8 bytes below NIST recommended minimum of 16 bytes
  • #570 Improve storage encryption key iterations
  • #1015 Add possiblity to store key verification
  • #1387 Disable ADB backups for security reasons

Application Runtime Security

  • #5618 Protection against Retroscope (reading secrets from RAM)

Denial of Service

  • #6104 Potential "DOS" (android app, not server) vulnerability

Application hiding/obfuscation

  • #1190 [Feature Request] Ability to hide TS as another app


  • #127 Request: Google Play signed download alternative
  • #6121 Check android sdk sha256 sum on Dockerfile

Dependencies (e. g. other libraries)

  • #6334 Speex decoder is vulnerable


  • #1085 Allow different kinds of identifiers for registration
  • #826 Fingeprint Exchange

(Leak of) Personal Identifyalbe Information (PII) / Privacy:

  • #6276 Anonymous bug reporting mechanism reveals personal info
  • #5570 Bug report leaks authentication secrets (#4832, #5204, #6159)
  • #7064 Overall Privacy-Compromise Created by Profile Feature [Possible leak of Google Account Name via Profile default content]

Communicating/Showing Security related Issues

  • #903 Add Service Announcements
  • #838 [Feature Request] Choice of security presets during setup
  • #2114 [UX] [security] Notification if plaintext message is received in encrypted conversation

Threat Model

  • Document current security features and what attacks they should prevent
  • Create an overview about the attacks which should be prevented
  • Create security architecture diagrams
  • Introduce Tests to ensure sourcecode always matches specification for security features

This comment has been minimized.

Copy link

generalmanager commented Nov 22, 2014

@kmindi Sorry for bothering you again, but I'd love to see #2114 mentioned here. Thanks for your effort!


This comment has been minimized.

Copy link

Quantum-cross commented Aug 18, 2015

I would argue that "#2761 Make disabling passphrase password protected" should be extended. Maybe an option that will immediately lock storage upon entering privacy settings, requiring the passphrase to change anything in the privacy settings and unlock the store again.


This comment has been minimized.

Copy link

kmindi commented Aug 18, 2015

@Robcross that comment should go in #2761


This comment has been minimized.

Copy link

automated-signal commented Apr 2, 2018

GitHub Issue Cleanup:
See #7598 for more information.

@signalapp signalapp locked and limited conversation to collaborators Apr 2, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.