Open ovz93br43v7 opened 3 years ago
+1 for this. I download Newpipe from github since fdroid takes a few days to update newpipe and when youtube changes its encoding I dont want to have to wait for fdroid to update newpipe.
Also there are apps like DeadHash which can be used to easily verify your APK files on Android to ensure they have not been tampered with and the app support many different hashes.
Another suggestion would be for Newpipe to not only check for updates, but download the APK from github, do a hash check to ensure it is secure and then install it within the Newpipe app. Similar to how FF Updater works on downloading and installing updated browsers.
Automatically downloading the app is not important for a feature however.
Checklist
Describe the feature you want
I currently download the NewPipe APK files directly from Github but it feels a bit "unsafe" for me because I couldn't find any GPG signature and SHA hash to verify my download. So I would like to have for every release a SHA512 hash and a possibility to verify the APK file with GPG.
Optionally, also describe alternatives you've considered: I tired to get F-Droid running on my FireTV but it doesn't work, so I can't use your repo or NewPipe from F-Droid itself.
Is your feature request related to a problem? Please describe it
No chance to verify direct github downloads of NewPipe.
How will you/everyone benefit from this feature?
Improved security.