Wire version 3.38.826 is apparently the last version to target Android 5. The app executes but users get a stupidly written block message:
“Important update Please install the latest version of Wire. [Download]”
Yet a piece of the app continues to function: messages that arrive are still decrypted and sent to the notifications panel. But users are only allowed to see as many words as will fit in the width of screen.
There’s a lot of incompetence and embarrassment here:
- Quite early obsolescence: AOS 5 users were sabotaged around 2019. (so AOS 5 dropped probably ~7-8 years after it was introduced)
- Security nannying. Only the user or user’s admin has knowledge of the use case and threat model. Wire cannot possibly know this. Yet they take the liberty of nannying and misplacing power.
- If there really is a serious security vuln that calls for such drastic measures as forcing people to throw away their hardware and buy a new phone, then why is it ok to process messages for the notification panel?
- The block screen does not bother to check the AOS version, so it offers users a false option that can only lead to defeat.
- #Wireapp can normally be fetched directly from wire.com so deGoogled users can reach it. But the block screen tries to force users into Google Playstore, which means the update mechanism is broken for deGoogled users.
- The app was never in an F-Droid repo, so apparently there is no archive of old versions.
Going forward:
-
It’s FOSS, so if the API did not change then perhaps version 3.38.826 can be hacked to remove the offending code or even just give a fake user-agent string to the server.
-
Software Conservatory should perhaps be tipped off that Wireapp should be archived. And ideally binaries too although I don’t suppose that’s in the normal scope of their role.