IzzyOnDroid ✅

1 year ago

IzzyOnDroid ✅
1 year ago

Before the update run completes & app-rain toot comes, some other exciting news from the #IzzyOnDroid repo that won't fit in there:

* JetNote was removed as it still used a debug key for signing.
* Occtax switched to a new and proper signing key, using key rotation, so even direct updates are possible*.

So gitlab.com/IzzyOnDroid/repo/-/… could finally be closed. There should be no debug-signed apps at IzzyOnDroid anymore after the next sync.

(1/2)

scan existing APKs for use of debug keys (#477) · Issues · IzzyOnDroid / repo · GitLab

once #475 has been completed, existing APKs should be scanned for...

^GitLab

#izzyondroid

in reply to IzzyOnDroid ✅

IzzyOnDroid ✅

in reply to IzzyOnDroid ✅ 1 year ago

(2/2)

*Your F-Droid client will most likely not even show the update unless you have "show incompatible signatures" turned on – and even then refuse to update. But downloading the APK and installing it via your file manager, or using "adb install" should work to update it without uninstalling, keeping all data intact.

in reply to IzzyOnDroid ✅

IzzyOnDroid ✅

in reply to IzzyOnDroid ✅ 1 year ago

PS: The only F-Droid client handling such issues *right now* is Neo Store (you just have to "disable signature check" in settings so it passes the APK to the Android system). Droid-ify will allow that in its next release, there it was implemented about 2 weeks ago but not yet released.

in reply to IzzyOnDroid ✅

Julian

in reply to IzzyOnDroid ✅ 1 year ago

I still wonder if it would be possible to transition from F-Droid signed to developer signed reproducible built APKs via the key rollover thingy... I should probably take some time experimenting with it...

in reply to Julian

IzzyOnDroid ✅

in reply to Julian 1 year ago

@j_r technically possible yes. Practicable no, for multiple reasons:

* you'd never get hold of the signing key used by F-Droid
* you should not give them yours either
* even if you would or they would, their setup would not allow it (that part of fdroidserver was broken back in January/February, as I just mentioned again). It would however work with IzzyOnDroid. But then a "seemless switch" would only be possible with NeoStore or Droid-ify, otherwise manual actions would be needed (as outlined)

@Julian

in reply to IzzyOnDroid ✅

Julian

in reply to IzzyOnDroid ✅ 1 year ago

yeah about the first two points I though about maybe using some kind of "intermediate" key might work, that both F-Droid and the app developer have access to

in reply to Julian

IzzyOnDroid ✅

in reply to Julian 1 year ago

@j_r But as pointed out, it would never work at F-Droid.org since they broke support for that in fdroidserver. It would have worked last year there, but now it no longer does.

@Julian

in reply to IzzyOnDroid ✅

Sentinel999

in reply to IzzyOnDroid ✅ 1 year ago

@IzzyOnDroid

@IzzyOnDroid ✅

in reply to Sentinel999

IzzyOnDroid ✅

in reply to Sentinel999 1 year ago

@Sentinel999 Which repo did you install from – and which repo are you trying to update from? IoD cannot have shipped a different signature than before as signing keys are pinned here:

screenshot from the FairEmail metadata at IzzyOnDroid showing the pinned signing key

@Sentinel999

in reply to IzzyOnDroid ✅

Sentinel999

in reply to IzzyOnDroid ✅ 1 year ago

I dont change anything, since yesterday updates failed. I disable the sig check only.

in reply to Sentinel999

IzzyOnDroid ✅

in reply to Sentinel999 1 year ago

@Sentinel999 and now look at the "provided by": Installed from F-Droid, update from IzzyOnDroid. Most likely FairEmail is not RB at F-Droid, but let me check… Bingo. So F-Droid ships a version signed with their key, while IoD ships it signed with Marcel's key. Expected behavior.

> I disable the sig check only.

Which is why the update now is offered to you *despite the different sig*. This only makes sense if you override sig check in the system eg via an Xposed module. Better switch it back 😉

@Sentinel999

in reply to IzzyOnDroid ✅

Sentinel999

in reply to IzzyOnDroid ✅ 1 year ago

thanks 👍

in reply to Sentinel999

IzzyOnDroid ✅

in reply to Sentinel999 1 year ago

@Sentinel999 and today we learned what the signature check is for 😄 While in this specific case a cross-update would (hopefully 😉) be harmless, in another case someone could have put up an altered APK with harmful code. So the signature check prevents you from installing such "altered APKs" – only APKs with the same signature (or a proper key rotation, in which case you'd need to disable sigcheck once *for that update only* in Neo Store, eg with the current Occtax) will be accepted by Android.

@Sentinel999

⇧

IzzyOnDroid ✅ 1 year ago • •

IzzyOnDroid ✅
1 year ago