registration fails when Signal prompts to install from playstore instead of sending verification code
I recently noticed an issue in which, when trying to register and verify new Signal numbers via signald, instead of sending the verification code to the phone number in question (as expected), Signal sends an SMS with the following text:
To continue installing, update to Signal: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
A quick search reveals that Signal seems to be sending this message out to a lot of clients using throw-away phone numbers to register Signal numbers. See, eg: https://sms24.me/number-12022214442-7, some of them since as long ago as May 31.
My best guess is that Signal recently updated its protocol, that it sees messages coming from older instances of libsignal-service-java
, and assumes they must be coming from obsolete versions of the android client, and prompts to update.
Searching the signal github repositories turns up nothing for this error message, and (interestingly) shows that the Signal-Server
repo has not been updated since December 2019.
The above is blocking continued development of signalboost, but more importantly, it would seem to pose an existential threat to the continued proper functioning of signald itself.
Has anyone else (@thefinn93 ) noticed this issue? Or have any clues how we might discover the cause?