TextSecure was an encrypted messaging application for Android that was a predecessor to Signal.
This source code audit and a penetration test against the Signal-Browser extension was carried out by four testers from Cure53. In terms of the scope of the test the focus was placed on a specially created tag available in the public Github repository for the extension. The test covered injection attacks, cryptographic implementations, security issues specific to browser extensions, as well evaluated robustness and transport security. The underlying cryptographic library libaxolotl - was explicitly beyond the scope within this particular assignment.
The full audit and summary of findings can be found below.
This website deploys cookies for basic functionality and to keep it secure. These cookies are strictly necessary. Optional analysis cookies which provide us with statistical information about the use of the website may also be deployed, but only with your consent. Please review our Privacy & Data Policy for more information.