You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I really like this app, but the only way to install it is through sideloading, which breaks the AOSP TOFU security model.
Would you be open to publishing the signing certificate hash on a separate website so that one doesn't have to blindly trust the GitHub release?
That way AppVerifier could be used to verify the APK before installing and not have to blindly trust an app that has network permissions.
Publishing on Gplay or Accrescent, as suggested in #21 would also fix this, Accrescent is still in whitelist only stage at the time of writing though, and obviously not the best option in terms of usability for devs.
The text was updated successfully, but these errors were encountered:
graphene1over
changed the title
[Engancement] Publish hash or publish app on Gplay
[Enhancement] Publish hash or publish app on Gplay
Sep 5, 2024
I really like this app, but the only way to install it is through sideloading, which breaks the AOSP TOFU security model.
Would you be open to publishing the signing certificate hash on a separate website so that one doesn't have to blindly trust the GitHub release?
That way AppVerifier could be used to verify the APK before installing and not have to blindly trust an app that has network permissions.
Publishing on Gplay or Accrescent, as suggested in #21 would also fix this, Accrescent is still in whitelist only stage at the time of writing though, and obviously not the best option in terms of usability for devs.
The text was updated successfully, but these errors were encountered: