My signal app the other day had 2 seperate, a few days apart, updates from the app itself. Asking for install from unknown sources to check in the settings to be checked. Doing this outside of both stores which usually update the app from F droid or Aurora.
Seems odd that the signal app itself asked to update itself from a notification from the drop down menu. How can I make sure it has not been compromised? Anyone else experienced something of the sort?
If you trust the initial install then unless there is a warning about the signing key you are good. Only signal devs can sign the builds so if you installed the play store version then updated with their standalone apk or fdroid version then it should just work as the signing key is the same.
Guardian project are just publishing signals apk files as the signature matches.