[Alpha] Greenline - A qml Whatsapp client for Ubuntu Touch
-
Nice! Your app could be very useful especially to receive notifications in background with lower battery costs.
Hope the whatsmeow library can remain reliable in the long run!
Maybe you would like to post some screenshots of your app?
-
Is it possible to log in with a phone number in this application?
-
@sahirul not yet, but is planned. For now, qr code only
-
Lots of changes since my original post. Some highlights:
- Better name resolutions
- Sync history chats
- Fixed some bugs around logging out and disconnecting
- Better performance when loading many chats
- Add video and image messages
- Sticker support
- Better avatar sync and resolution
- Swipe to copy messages
- Reply messages are shown
- Faster startup sync
Latest release: https://github.com/brennoflavio/greenline/releases
-
I have a question, given that 3 have 3 separate parts to your app ( Go, Python and QML), did you ensure the security of communication between them? How is it enforced that no other app, or process will be able to access the Whatsapp private data?
For example you say that the Go module exposes a JSON RPC endpoint, but are there security measures to make sure that this endpoint can be accesed only by your app, and no other app or process?
Thank's a lot for your work!
-
@pparent not yet! But I can expand on this topic.
First, the communication between go and python happens over a unix socket. This ensures that all communication is local between parts. This app does not expose your data outside the phone neither open ports (outside the WhatsApp socket). Notifications are also fully local (ubports push server is not used). But any unconfined process can access the socket and manage your account, three's no protection against that.
Also its important to mention that your encryption keys, messages and contacts are stored as plain text in 3 SQLite databases in the app data folder. This is necessary to do e2e encrypted communication with whatsapp, and it's similar to how Whatsnew or any other Whatsapp web client works by design.
This means that an attacker with a non root shell access in your device can steal your keys and send messages on your behalf for example. This is also true for our other Whatsapp web clients.
On Android, the official client uses a sandboxed storage to protect those keys, so only the app or a root user can access the keys. But as far as I know there's no such mechanisms in Ubuntu Touch for us to use.
-
On Android, the official client uses a sandboxed storage to protect those keys, so only the app or a root user can access the keys. But as far as I know there's no such mechanisms in Ubuntu Touch for us to use.
oh thanks a lot for this remark. Finally I'm getting a glimpse of what is meant by 'our banking app can only work on secure devices'. I know that Google Play protect has other mechanisms but I did not see what could not yet be done on Linux phones.
-
as far as I know there's no such mechanisms in Ubuntu Touch for us to use.
Have you seen the secret-tool package? It's similar to using GNOME keyring.
You can also write your own keyring mechanism assuming your daemon starts before any app. It will store the keys in plain text when the phone is powered off and thus rely on full storage encryption. When the device boots up, the daemon will read the key from the file, store it in its memory and encrypt the file with the file's content as key. This daemon will communicate with your app via dbus or similar and send the keys only to the appropriate app id.May the source be with you
-
Ok so another confined app does not have permission to access your messages and data, via this Unix socket?
-
Have you seen the secret-tool package? It's similar to using GNOME keyring.
Though it is to be noted that a porblem we have currently with App-armour profiles, is that it won't let you communicate with the keyring in DBus via the api libsecret. It is a problem for browsers like "Chromium for UT" or "Min Browser" that get non-functional password manager because of that.
-
Have you seen the secret-tool package? It's similar to using GNOME keyring.
Though it is to be noted that a porblem we have currently with App-armour profiles, is that it won't let you communicate with the keyring in DBus via the api libsecret. It is a problem for browsers like "Chromium for UT" or "Min Browser" that get non-functional password manager because of that.
I am currently packaging Aria (Misskey client) and ran into the same problem. Had to patch it to store the credentials in a JSON file under
~/.local/share. -
Ok so another confined app does not have permission to access your messages and data, via this Unix socket?
Confined apps cannot access files outside their specified directories (config, data, cache), so they cannot use the socket.
-
as far as I know there's no such mechanisms in Ubuntu Touch for us to use.
Have you seen the secret-tool package? It's similar to using GNOME keyring.
You can also write your own keyring mechanism assuming your daemon starts before any app. It will store the keys in plain text when the phone is powered off and thus rely on full storage encryption. When the device boots up, the daemon will read the key from the file, store it in its memory and encrypt the file with the file's content as key. This daemon will communicate with your app via dbus or similar and send the keys only to the appropriate app id.I'll look into it, thanks! In an ideal scenario all 3 SQLite databases should be secured against an unconfined process. Not sure if this will be possible tho.
-
I've just installed the app and synced with my iPhone. I really like it and especially the notifications, they're near instant.
It does take a while to fetch all data/contacts and stuff, some profile pictures don't load and there's no indication on how much it's fetching and what.
Also, replying on specific messages doesn't seem to work or I can't find the gesture and messages from the same person all show their name. But other than that, it's sweet! I love how it integrated with the rest of the OS, finally no web app!
Running on FP5 24.04.2x daily
-
@777X hey thanks for using the app! Feel free to report any other issues.
The avatar sync module needs more love, currently it populates slowly as you use the app, at some point they'll will be there.
And replies are not implemented (yet). But hopefully soon it will be implemented
-
a porblem we have currently with App-armour profiles, is that it won't let you communicate with the keyring in DBus via the api libsecret
is there a good reason for that ? is the API open to exploitation by a malicious client or is there some mechanism to prevent that ?
-
Thank's I will test the app in details, this week when I have time.
This week, I will also make a youtube video on my canal to present Whatsnew, I will mention your work as one of the (upcoming) alternative for Whatsapp.
Thank you!
-
New alpha with more quality of life features:
https://github.com/brennoflavio/greenline/tags
- Integration with lock screen with number of messages read [needs qa]
- Full background sync, faster startup times
- Tapping on a notification opens the chat of that notification
- Support for messages that are only links
- Call notifications
- Only notify the last message of a chat room
- Clear notification for the chat room once chat is opened
- Notification badge support (unread count in the side bar)
- Messages from groups should notify the group name in the title, not the person name [needs qa]
-
So I've tested the app! I think it is great!
There are great features that whatsnew does not have and probably will not have anytime soon: notifications when the app is closed, the possibility to consult messages online, the app is way more fluid and has a "native app" feeling that whatsnew does not have (Although some conversations take time to load in greenline), and it starts up incredibly fast.
There are also features that are lacking in comparaison to whatsnew (like calls, sending and reading audio messages, editing messages, deleting messages, transferring messages, archived conversations, polls, and I guess a lot of advanced features that whatsapp web has )
I think the two are complementary. Also I think it's always good to have two alternatives, because both of them can break at any moment when Whatsapp make changes, so it's good to have two of them.
I hope to see it soon in the openstore, I will mention your app in my upcoming video!
Thank you very much for your work!
-
Ps: An imporant feature for me would be to be able to enable/disable notifications globally. Because right now if I don't want to get Whatsapp notification, it is a problem if I have greeline installed.
Ps2 : I see that Whatsapp recognizes greeline as an Android client, not a Whatsapp web client.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login