Open IzzySoft opened 2 months ago
You really get around! I've seen posts from you on a couple of android apps that I took inspiration from while I was writing Hot Stuff. So, thanks for visiting my little corner of the internet.
This is my first public-facing app, so it's probably going to take a bit for me to become familiar with these features. Here's a link to that first release, and I'll make sure that these releases are made alongside the versions published to the Play Store.
You really get around!
As repo maintainer that tends to happen, yes. So disclosure: I was hoping to include your app with my repo, yes :wink:
it's probably going to take a bit for me to become familiar with these features
Took me several years. But we all learn from each other, so it's usually a win-win.
Here's a link to that first release
Thanks! Looking at it now, running it through my scanners. First note:
SigningBlock blobs:
-------------------
0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)
This can easily be avoided:
android {
dependenciesInfo {
// Disables dependency metadata when building APKs.
includeInApk = false
// Disables dependency metadata when building Android App Bundles.
includeInBundle = false
}
}
For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.
No show-stopper, but would be nice to have fixed with the next release.
Offending libs:
---------------
* Google Mobile Services (/com/google/android/gms): NonFreeComp
1 offenders.
Oof. That's not that good, as it's proprietary. What do you need it for? Looking at your build.gradle.kts
, I have a guess:
id("com.google.android.gms.oss-licenses-plugin")
Not the best choice: always be careful if something carries .gms.
in its package name. That plugin drags in GMS. But there are several good replacements available, some of them using the same license as your app and hence fitting from that point as well. I'm no Android developer, so I cannot tell which one to recommend by functionality – so please check for yourself. AboutLibraries is still actively maintained and probably a good choice, the other Apache-ones haven't seen any activity lately.
Permissions look fine. So it would be just that blob and GMS you'd like to fix. I'll meanwhile integrate your app now, it will have the NonFreeComp
anti-feature first (because of GMS) which will be removed once fixed.
Oh, and it would be a good idea to have your tag names correspond to either the versionName
(v1.1.1
) or the versionCode
(e.g. c5
) :wink:
A "LOL" remark: you might wish to take a look at VT for your APK. Google doesn't like it for some reason, and Ikarus (a minor engine) considers it a Trojan…
That said:
Funny: android.hardware.camera
, but no CAMERA
permission… Well, will become available here with the next sync around 6 pm UTC. Waiting for your updates to remove the "red flags" then :smiley:
I'll make sure that these releases are made alongside the versions published to the Play Store.
:heart_eyes:
Ouch, seems like I have some reconfiguring to do! These all seem like pretty simple fixes, so I should be able to have a version ready in a couple of days. Really appreciate you taking an interest, this is all great advice.
Thanks, and best luck for easy adjustment! If you want to, I then also can send you the metadata in fastlane format via PR, so you have it in your own hands how your app is presented. For some background on that, you can see my Fastlane Cheat Sheet. But that can come later, don't want to distract you with too many tasks at once :wink:
Could you add support for armeabi v7a architecture in your next update.
This issue is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in a week.
Hm, the last comment was from you on April 14th, @PamCatten, saying
These all seem like pretty simple fixes, so I should be able to have a version ready in a couple of days.
Now I wonder whose activity is expected? :wink: Hint: there was no new version since. No pressure, just saying :smiley:
Is there any chance you could provide a signed release APK for download (ideally attached to tagged releases here at Github, as that's where folks would look first) for those folks without access to PlayStore? Thanks in advance!