-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
APK signature verification #16
Comments
What would be a use case for this? If people want to redistribute APKs downloaded using apkeep, they could use fdroidserver's verification methods. |
Multiple APK download sources are supported, if you knew the signer you could safely download from any source even if you don't trust it, like I mentioned above. I wasn't thinking about redistribution at all. |
I'm not sure how useful would this be, but here goes:
It would be nice to be able to specify an apk signature in addition to package name for verification.
Use case: Allow downloading an APK from any source, ensuring it's still what's expected.
Something like this was added to
fdroidserver
recently, for a similar use-case.https://gitlab.com/fdroid/fdroidserver/-/merge_requests/984
The text was updated successfully, but these errors were encountered: