Issue 6750: Detect update channels using signatures
Description
Use proper sources to update apps.
Screenshots
Note to reviewers
This is a relatively big merge request, kindly go commit by commit to make sense of it all.
Technical details
Problem
If an app is present on both F-Droid and Google Play, App Lounge has not been showing the GPlay version for quite some time now. So if any user had a very old version of App Lounge and installed any such app from GPlay, in recent versions of App Lounge, the user can no longer update the app. This is because App Lounge always tries to update that app (installed from GPlay) from F-Droid. This causes a certificate mismatch error.
Concepts
Signing certificate
An app publisher has to sign their app with a custom certificate when publishing an app on any app store. This certificate acts as an ID proof, denoting the app is genuine. All updated APKs or app bundles must be signed with the same certificate, else Android Package Manager will not install the update. The same app uploaded on different stores will have different certificates. So an app and its updates on GPlay will always be signed with a certificate (say) C1, and the same app and all its updates on F-Droid will always be signed with (say) C2.
More info (this may be outdated or incorrect and is based on personal experience): Google Play has an additional certificate for each app if the developer opts in to Google Play App Signing. This certificate is internal to Google. This causes an app uploaded on GPlay to have a signing certificate that is, almost always, different from that on F-Droid, even if the developer uses the same signing certificate on his end to sign the APK for both F-Droid and GPlay.
Signatures on F-Droid and cleanapk
F-Droid stores the PGP signatures for the 3 latest releases of an app, and they are available from the app's details page on the F-Droid website. Thankfully, cleanapk stores signatures of releases even prior to that.
A signature is unique to an APK file. With each update, the signing certificate must be the same, but the signature will keep changing, similar to how checksums change.
Signature version on cleanapk
Cleanapk has different internal version naming for signatures of apps.
An app with version code (say) 10 will have signature version (say) - "update_33".
An older version 9 will have signature version - "update_32".
And so on.
Tests
Screencast_2023-05-12_04_23_32
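
Added example, not code from this merge request or from App Lounge: a Python sketch of the certificate rule from the "Signing certificate" section, showing why an app installed from GPlay (certificate C1) cannot take the F-Droid build (certificate C2) as an update. The names `Offer`, `check_offer` and `pick_update`, the store labels and the sample certificates are assumptions made for illustration; the sketch compares certificate digests directly, which is a simplification and not the signature-based detection this merge request implements.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Offer:
    source: str        # store label (assumed names for this sketch)
    version_code: int
    cert_sha256: str   # digest of the certificate that signed this store's APK

def cert_digest(cert_der: bytes) -> str:
    """SHA-256 of a signing certificate's bytes, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()

def check_offer(installed_cert: str, installed_version: int, offer: Offer) -> str:
    """Say whether this offer can be installed as an update to the installed app."""
    if offer.cert_sha256 != installed_cert:
        return "certificate mismatch"   # the failure described under "Problem"
    if offer.version_code <= installed_version:
        return "not newer"
    return "ok"

def pick_update(installed_cert: str, installed_version: int,
                offers: list) -> Optional[Offer]:
    """Newest offer signed with the installed app's certificate, or None."""
    ok = [o for o in offers
          if check_offer(installed_cert, installed_version, o) == "ok"]
    return max(ok, key=lambda o: o.version_code, default=None)

# Constructed sample data: placeholder bytes stand in for real certificates.
C1 = cert_digest(b"constructed certificate C1 (GPlay build)")
C2 = cert_digest(b"constructed certificate C2 (F-Droid build)")
OFFERS = [Offer("fdroid", 12, C2), Offer("gplay", 11, C1)]

if __name__ == "__main__":
    # An app installed from GPlay at version code 10.
    for offer in OFFERS:
        print(offer.source, "->", check_offer(C1, 10, offer))
    chosen = pick_update(C1, 10, OFFERS)
    print("update from:", chosen.source if chosen else "no compatible source")
```

The F-Droid offer has the higher version code, yet it is rejected for the GPlay-installed app; choosing by version or by a fixed store preference alone reproduces the mismatch error.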