[Git][reproducible-builds/reproducible-website][master] 2021-07: improved description of android code transparency

Felix C. Stegerman (@obfusk) gitlab at salsa.debian.org
Tue Aug 3 13:49:09 UTC 2021



Felix C. Stegerman pushed to branch master at Reproducible Builds / reproducible-website


Commits:
fb27884b by Felix C. Stegerman at 2021-08-03T13:49:07+00:00
2021-07: improved description of android code transparency
- - - - -


1 changed file:

- _reports/2021-07.md


Changes:

=====================================
_reports/2021-07.md
=====================================
@@ -93,7 +93,7 @@ Lastly, Holger filed Debian bug [#991285](https://bugs.debian.org/991285) to 'un
 
 #### Mobile development
 
-It was noticed that from August 2021, [Android 'app bundles'](https://developer.android.com/guide/app-bundle) will become mandatory for the Google Play Store. This will result in smaller file sizes and other advantages for the end-user, yet it will also require app developers to push equivalent 'APK' versions of their apps to other non-Play Store channels as well. But this will also mean that developers will need to supply Google with their app signing keys, with various [ramifications for code transparency](https://developer.android.com/guide/app-bundle/code-transparency). Further information can be found on the announcements on the [Android Authority](https://www.androidauthority.com/android-apks-sunset-1636829/) and [XDA Developers](https://www.xda-developers.com/google-play-billing-v3-app-bundle-requirement-2021/) sites.
+It was noticed that from August 2021, [Android 'app bundles'](https://developer.android.com/guide/app-bundle) will become mandatory for the Google Play Store. This will result in smaller file sizes and other advantages for the end-user, yet it will also require app developers to push equivalent 'APK' versions of their apps to other non-Play Store channels as well. But this will also mean that developers will need to supply Google with their app signing keys. The introduction of [code transparency for app bundles](https://developer.android.com/guide/app-bundle/code-transparency) does add an *optional* code signing and verification mechanism (using a separate signing key held solely by the app developer). Unfortunately, code transparency files are not verified at install time — only manual verification is currently possible — and only guarantee the integrity of DEX and native code files (meaning interpreted code and assets could still have been modified). Further information can be found on the announcements on the [Android Authority](https://www.androidauthority.com/android-apks-sunset-1636829/) and [XDA Developers](https://www.xda-developers.com/google-play-billing-v3-app-bundle-requirement-2021/) sites.
 
 The [Jiten Japanese Dictionary](https://f-droid.org/packages/dev.obfusk.jiten/) and [Bitcoin Wallet](https://f-droid.org/en/packages/de.schildbach.wallet/) applications on the [F-Droid](https://f-droid.org) application store are now reproducible using [signatures in metadata](https://f-droid.org/docs/Reproducible_Builds/).
 
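Review bot: In the added line, the parenthetical "(meaning interpreted code and assets could still have been modified)" is ambiguous, because DEX is itself bytecode that some readers will think of as interpreted code. Consider naming what is left uncovered more concretely, for example "meaning assets, resources and any code shipped outside the DEX and native code files could still have been modified". The closing "Further information can be found on the announcements ..." sentence now directly follows the code transparency caveats, yet both linked URLs (android-apks-sunset, app-bundle-requirement-2021) point at the app bundle mandate, so it would read better moved up to follow the signing-keys sentence. The "Unfortunately, ..." sentence also carries two separate limitations (no install-time verification, and coverage limited to DEX and native code files) and would be easier to scan if split in two.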



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/fb27884bb8b03b05dad56730e11618a5b38ee288
