search

Akylas / OSS-DocumentScanner

Android document document scanning app
https://www.akylas.fr
MIT License
854 stars 32 forks source link

[FEATURE REQUEST] #305

Closed NarwhalPrince closed 1 month ago

NarwhalPrince commented 1 month ago

Add App Signer Certificate Hash for Document Scanner App

Description: Please add the app signer certificate hash for the document scanner app, making it compatible with AppVerifier. This would allow users to easily verify the app's integrity during testing and enhance security by ensuring that only the legitimate app is being tested.

Why

Thanks!

farfromrefug commented 1 month ago

What is the app signer certificate ? Any documentation?

NarwhalPrince commented 1 month ago

APKs are signed with the developer's certificate.

https://developer.android.com/studio/publish/app-signing

AppVerifier uses this to verify the authenticity of the APK.

https://github.com/soupslurpr/AppVerifier

farfromrefug commented 1 month ago

@NarwhalPrince OK sorry I misunderstood so you just want me to put my hash in the readme ?

NarwhalPrince commented 1 month ago

In the README works great. This helps a lot with downloading apps from sources without a chain of trust.

Thank you!

farfromrefug commented 1 month ago

@NarwhalPrince https://github.com/Akylas/OSS-DocumentScanner?tab=readme-ov-file#appverifier-hashes is that good?

NarwhalPrince commented 1 month ago

That looks good for the Play Store versions of both OSS Scanner and CardWallet.

The IzzyOnDroid and GitHub versions report the following for OSS Scanner:

com.akylas.documentscanner 0D:10:AA:10:E0:3A:7E:76:97:22:BE:43:88:BE:63:BD:15:7A:7B:7B:F1:96:FB:3C:EB:AB:87:37:F9:6C:A8:71

And they report the same hash for CardWallet, as expected:

com.akylas.cardwallet 0D:10:AA:10:E0:3A:7E:76:97:22:BE:43:88:BE:63:BD:15:7A:7B:7B:F1:96:FB:3C:EB:AB:87:37:F9:6C:A8:71

farfromrefug commented 1 month ago

@NarwhalPrince this is strange. I got those from AppVerifier using the versions installed on my phone which are github versions. Not sure what s going on here

NarwhalPrince commented 1 month ago

The hashes you listed in the README correspond to the versions on Play Store according to my testing. Check your app info for the installation source?

NarwhalPrince commented 1 month ago

Screenshot_20241009-085505.png

Screenshot_20241009-085559.png

NarwhalPrince commented 1 month ago

Checked an earlier version as well.

Feel free to contact me here if you would like: https://simplex.chat/invitation#/?v=2-7&smp=smp%3A%2F%2F0YuTwO05YJWS8rkjn9eLJDjQhFKvIYd8d4xG8X1blIU%3D%40smp8.simplex.im%2FFSVIsGrqlqqgOj6uD0o1A3C31fK1igUy%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEATbG4no3oFI4WtZg7ywwHLmJ3MvOz5m7efPnRFecuLQw%253D%26k%3Ds%26srv%3Dbeccx4yfxxbvyhqypaavemqurytl6hozr47wfc7uuecacjqdvwpw2xid.onion&e2e=v%3D2-3%26x3dh%3DMEIwBQYDK2VvAzkAu84cdI6pYaefq8lc5qrTD4UUJbNmRJJG7cv-2ulZa61KDwQmw-yCP_rxGV4Iy-Icy6DL4Pk8Mks%3D%2CMEIwBQYDK2VvAzkAk1WSFhvSgh2FDTs_Wp_gyqcB6I9gbduMPEos45GC--95a5Qvs0idLCH2EKo2KAhhhAY_Zf2Bi-s%3D

farfromrefug commented 1 month ago

@NarwhalPrince Thanks a lot must be an issue on my side. I updated with the hashes you provided!

NarwhalPrince commented 1 month ago

Awesome, thank you!