dvdc on Nostr: Sure, but how do you know the APK is the repository's source code? I can sign a ...
Sure, but how do you know the APK is the repository's source code? I can sign a malicious APK, and the signature will still be valid.
Published at
2024-10-29 20:54:01Event JSON
{
"id": "045dbde8639993ecb0a002e1e23a95629340fe696593c541edd76a0f712a6565",
"pubkey": "6b1b8dac34ffc61d464dfeef00e4a84a604e172ef6391fb629293d6f1666148c",
"created_at": 1730235241,
"kind": 1,
"tags": [
[
"e",
"eef28688b3a4f488aeae644bcf2a609037840c427b28a2f8f7e217f60e0853ec",
"",
"root"
],
[
"e",
"2394db1625defcb1d0fe9dd97ac48c1ca5bdd42918f46c23d3933df8b5f022a9",
"",
"reply"
],
[
"p",
"372b9ed9227386691557ddcd600bd178c842b2d6a3a3fac39e8e02ca2fb90f16"
]
],
"content": "Sure, but how do you know the APK is the repository's source code? I can sign a malicious APK, and the signature will still be valid.",
"sig": "e5a21cb8817ff094d00fb1fc85e89acb2f2c4783f2332fdb80cece39acc3ead032ebf00452b6cf734efba298249d71b48e816b6040e1198ec5b89c2f350684b4"
}
