Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Enhancement] Publish hash or publish app on Gplay #67

Open
graphene1over opened this issue Sep 5, 2024 · 0 comments
Open

[Enhancement] Publish hash or publish app on Gplay #67

graphene1over opened this issue Sep 5, 2024 · 0 comments

Comments

@graphene1over
Copy link

graphene1over commented Sep 5, 2024
edited
Loading

I really like this app, but the only way to install it is through sideloading, which breaks the AOSP TOFU security model.

Would you be open to publishing the signing certificate hash on a separate website so that one doesn't have to blindly trust the GitHub release?

That way AppVerifier could be used to verify the APK before installing and not have to blindly trust an app that has network permissions.

Publishing on Gplay or Accrescent, as suggested in #21 would also fix this, Accrescent is still in whitelist only stage at the time of writing though, and obviously not the best option in terms of usability for devs.
@graphene1over graphene1over changed the title [Engancement] Publish hash or publish app on Gplay [Enhancement] Publish hash or publish app on Gplay Sep 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@graphene1over