search

antoinepirlot / Satunes

Modern MP3 Player to listen your local music files on Android Lollipop 5.1.1+ & compatible with Android Auto.
GNU General Public License v3.0
33 stars 4 forks source link

Remove `DependencyInfoBlock` #1046

Closed licaon-kter closed 2 weeks ago

licaon-kter commented 2 weeks ago

ref: https://gitlab.com/fdroid/checkupdates-bot-fdroiddata/-/jobs/8274423746#L1023

We find that there is a DependencyInfoBlock in your APK.

It's a Frosting block in the signing block.

It's added by AGP and encrypted with the Google public key so it can't be read by anyone else except Google. You can read more about it here and here.

While this was added a while ago, we were only enforcing it for new apps, and recently we started scanning updates too.

Could you please disable it with the following code?

android {
    dependenciesInfo {
        // Disables dependency metadata when building APKs.
        includeInApk = false
        // Disables dependency metadata when building Android App Bundles.
        includeInBundle = false
    }
}

Thanks!

antoinepirlot commented 2 weeks ago

Hello,

I didn't know about this thing.

I updated the code and released the v2.4.4 that contains this modification.

Thank you :)

licaon-kter commented 2 weeks ago

thanks