Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

APK signature verification #16

Open
chirayudesai opened this issue Sep 22, 2021 · 2 comments
Open

APK signature verification #16

chirayudesai opened this issue Sep 22, 2021 · 2 comments
Labels
enhancement New feature or request

Comments

@chirayudesai
Copy link

I'm not sure how useful would this be, but here goes:

It would be nice to be able to specify an apk signature in addition to package name for verification.

Use case: Allow downloading an APK from any source, ensuring it's still what's expected.

Something like this was added to fdroidserver recently, for a similar use-case.

https://gitlab.com/fdroid/fdroidserver/-/merge_requests/984
@Hainish Hainish added the enhancement New feature or request label Sep 22, 2021
@eighthave
Copy link

What would be a use case for this? If people want to redistribute APKs downloaded using apkeep, they could use fdroidserver's verification methods.

@chirayudesai
Copy link
Author

What would be a use case for this? If people want to redistribute APKs downloaded using apkeep, they could use fdroidserver's verification methods.

Multiple APK download sources are supported, if you knew the signer you could safely download from any source even if you don't trust it, like I mentioned above.

I wasn't thinking about redistribution at all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@eighthave @Hainish @chirayudesai