Leo Wandersleb on Nostr: In the case of Android the approach we use is to compile the apk ourselves and then ...
In the case of Android the approach we use is to compile the apk ourselves and then compare the results. Comparing involves unzipping both apks and then comparing file by file. This is necessary as zip compression can result in different bits depending on the version of zip being used, but the uncompressed data matches. We also use diffoscope, which provides more insight into signing blocks that are in parts that normal zip tools might ignore. A different approach is to compile the app, extract the signature from the official app, add the signature to the compiled app and then verify the signature. If it's valid, the file is reproduced with only the signature coming from the official file.
In the case of hardware wallets, the signature is typically a block of binary at the start or the end of the file, too. We shift the burden of verification if other stuff might reside there and do harm to those that do actual code audits, which we do not provide at this point.
Published at
2024-09-22 19:24:16
Event JSON
{
"id": "ba57ec7c54c65e4873124c5ef27a8815ae4e08edc367be0f75c6cb74f54011d1",
"pubkey": "46fcbe3065eaf1ae7811465924e48923363ff3f526bd6f73d7c184b16bd8ce4d",
"created_at": 1727033056,
"kind": 1,
"tags": [
[
"e",
"526dadcc2079b95df7b31239c17db4a5802086c1c4755969d0ee679604672e41",
"",
"root"
],
[
"e",
"5f3dcdb9b566c9f4663754b23432caa3c86e1e939e169beefd95a5b74db8e24f",
"",
"reply"
],
[
"p",
"aac07d95089ce6adf08b9156d43c1a4ab594c6130b7dcb12ec199008c5819a2f",
"",
"mention"
],
[
"p",
"3ba9b8cf58082bd37eec18455b26bb04a47f4a8e835ac18c7ea4348673ee1623",
"",
"mention"
],
[
"client",
"noStrudel",
"31990:266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5:1686066542546"
]
],
"content": "In the case of Android the approach we use is to compile the apk ourselves and then compare the results. Comparing involves unzipping both apks and then comparing file by file. This is necessary as zip compression can result in different bits depending on the version of zip being used but the uncompressed data matches. We also use diffoscope that provides more insight into signing blocks that are in parts that normal zip tools might ignore. A different approach is to compile the app, extract the signature from the official app, add the signature to the compiled app and then verify the signature. If it's valid, the file is reproduced with only the signature coming from the official file.\n\nIn the case of hardware wallets, the signature is typically a block of binary at the start or the end of the file, too. We shift the burden of verification if other stuff might reside there and do harm to those that do actual code audits, which we do not provide at this point.",
"sig": "c1c131e055f43c5d27e91856582b7e0896abed7a86d31c134fd78813eb8d5e1948c51d74e2c29f1728e5f237983473a485d4dcfbb0bd0ea6bc71d02c94330b97"
}
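The file-by-file comparison the post describes, as an added example that is not code from the post or its author. It builds two in-memory zip archives as stand-ins for an "official" and a "rebuilt" APK (constructed sample payloads, not real app files): both carry the same files, but one is compressed with deflate and the other is stored uncompressed, so the raw archive bytes differ while every entry's content is identical. The comparison hashes each entry's uncompressed content and ignores the `META-INF/` v1 signature files, which only the official build contains (the ignore list and the SHA-256 choice are assumptions for this example). It also checks for the "APK Sig Block 42" magic of the v2/v3 signing block, a region that `zipfile` never exposes as an entry, which is why the post turns to diffoscope for it.

```python
import hashlib
import io
import zipfile


def build_apk(entries, compression, compresslevel=None):
    """Build an in-memory zip (stand-in for an APK) from a dict of name -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=compression, compresslevel=compresslevel) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def entry_digests(apk_bytes):
    """Map each zip entry name to the SHA-256 of its *uncompressed* content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {info.filename: hashlib.sha256(zf.read(info)).hexdigest() for info in zf.infolist()}


def compare_apks(official, rebuilt, ignore_prefixes=("META-INF/",)):
    """Compare two archives entry by entry on uncompressed content, not raw bytes.

    Entries under ignore_prefixes (assumed: the v1 signature files) are reported
    but not counted, since the rebuilt APK is unsigned by design.
    """
    a = entry_digests(official)
    b = entry_digests(rebuilt)
    ignored = sorted(n for n in set(a) | set(b) if n.startswith(ignore_prefixes))
    a = {n: d for n, d in a.items() if n not in ignored}
    b = {n: d for n, d in b.items() if n not in ignored}
    only_official = sorted(set(a) - set(b))
    only_rebuilt = sorted(set(b) - set(a))
    differing = sorted(n for n in set(a) & set(b) if a[n] != b[n])
    return {
        "match": not (only_official or only_rebuilt or differing),
        "only_official": only_official,
        "only_rebuilt": only_rebuilt,
        "differing": differing,
        "ignored": ignored,
    }


def has_apk_signing_block(apk_bytes):
    """True if the v2/v3 APK Signing Block magic is present.

    That block sits between the zip entries and the central directory and is
    invisible to zip tools, so an entry-level diff cannot inspect it.
    """
    return b"APK Sig Block 42" in apk_bytes


# Constructed sample payload standing in for the files of a real APK.
SAMPLE_PAYLOAD = {
    "AndroidManifest.xml": b'<manifest package="example.wallet"/>' * 4,
    "classes.dex": b"dex\n035\0" + bytes(range(256)) * 8,
    "resources.arsc": b"\x02\x00\x0c\x00" + b"res" * 100,
    "assets/config.json": b'{"network": "mainnet"}',
}
# Constructed stand-ins for the v1 (JAR) signature files only the official build has.
V1_SIGNATURE_FILES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/CERT.SF": b"Signature-Version: 1.0\n",
    "META-INF/CERT.RSA": b"\x30\x82" + b"\x00" * 64,
}

# "Official": deflate level 9, signed. "Rebuilt": stored, unsigned. Same content.
OFFICIAL_APK = build_apk({**SAMPLE_PAYLOAD, **V1_SIGNATURE_FILES}, zipfile.ZIP_DEFLATED, 9)
REBUILT_APK = build_apk(SAMPLE_PAYLOAD, zipfile.ZIP_STORED)
# A rebuilt archive whose dex differs by one byte: must be reported, not hidden.
TAMPERED_APK = build_apk(
    {**SAMPLE_PAYLOAD, "classes.dex": SAMPLE_PAYLOAD["classes.dex"] + b"\x90"},
    zipfile.ZIP_STORED,
)

if __name__ == "__main__":
    print("raw bytes identical:", OFFICIAL_APK == REBUILT_APK)
    print("entry comparison:", compare_apks(OFFICIAL_APK, REBUILT_APK))
    print("tampered comparison:", compare_apks(OFFICIAL_APK, TAMPERED_APK))
    print("v2/v3 signing block present:", has_apk_signing_block(OFFICIAL_APK))
```

The raw archives never compare equal, yet the entry comparison reports a match once `META-INF/` is set aside, while the one-byte change to `classes.dex` is caught. Against real APKs, `unzip`ping both and running `diff -r` does the same job, with diffoscope covering the signing block that this entry-level walk cannot see.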