Support for MSC3917 cryptographic verification of room membership
There was a major vulnerability announcement for Matrix in 2022: https://nebuchadnezzar-megolm.github.io/
Matrix has patched most of the most immediate issues, but the major flaw in Matrix's security design remains: Clients must rely on homeservers to tell them who is / isn't a member of each room. A malicious or compromised homeserver can lie and add fake users, who then will receive decryption keys from the clients. This is bad.
Matrix has a new spec to address the root issue: MSC3917
Before we can end our beta, we MUST implement support for the cryptographic verification from MSC3917. Hopefully Matrix provides this upstream in the Android SDK. But if the time comes when we need to launch, and they still haven't done it, then we must do the work ourselves.