arturkowalczyk300 / android-cryptocurrency-prices

Application for displaying prices of cryptocurrencies on chart, in specified date range. Readings are stored in local database.
Apache License 2.0

Certificate issue #29

Open IzzySoft opened 7 months ago

IzzySoft commented 7 months ago

A scan (see here for details and background) just revealed the APKs at your releases are signed using a debug key. As that has security implications, may I ask you to please switch to a proper release key, and provide the corresponding APK signed with it? Thanks in advance!

arturkowalczyk300 commented 7 months ago

Thanks for the report, I will fix it soon and create a new release with an improved .apk attached.

IzzySoft commented 7 months ago

Thanks a lot! If you give me a ping once it's there I can cross-check ASAP and adjust the settings in my repo accordingly.

arturkowalczyk300 commented 6 months ago

I've finally managed to introduce changes. They are contained in this release: v0.9.3. The attached .apk file is signed by my custom certificate and built as the release version. I hope it'll work properly on the repository :)

Thank you very much again for reporting the issue.

IzzySoft commented 6 months ago

Seems to have worked out, thanks! Though you forgot to increase versionCode, so it replaced the APK here. As GitHub lost the notification for your comment (it didn't reach me), I couldn't check before that happened, so it caused a little cascade with your app temporarily disappearing (no worries, it will be back with the next sync, I've just fixed it up). But v0.9.3 will show up as v0.9.2 since the versioning was not updated:

package: name='com.arturkowalczyk300.cryptocurrencyprices' versionCode='902' versionName='0.9.2'

🤷

Thanks a lot!


Oh, btw:


That DEPENDENCY_INFO_BLOCK can be easily avoided:

android {
    dependenciesInfo {
        // Disables dependency metadata when building APKs.
        includeInApk = false
        // Disables dependency metadata when building Android App Bundles.
        includeInBundle = false
    }
}

For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.
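The three things this issue turned on (an APK signed with the AOSP debug key, a release that did not bump versionCode, and the DEPENDENCY_INFO_BLOCK inside the APK Signing Block) can all be checked before an APK is attached to a release, without any Google tooling. The following is an added example written for this page, not code from the project or from either participant. It assumes the APK Signing Block IDs 0x7109871A (signature scheme v2) and 0x504B4453 (the Google dependency-metadata block that scanners report as DEPENDENCY_INFO_BLOCK), the subject "CN=Android Debug, O=Android, C=US" of the AOSP debug keystore certificate, and the line formats of `apksigner verify --print-certs` and `aapt dump badging`; the sample APK and tool output it runs on are constructed inline.

```python
"""Offline release-gate checks: debug signing key, un-bumped versionCode,
and presence of the DEPENDENCY_INFO_BLOCK in the APK Signing Block.
Added example for this page, not the project's own code."""
from __future__ import annotations

import io
import re
import struct
import zipfile

APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
EOCD_SIG = b"PK\x05\x06"
# Assumption: IDs of the v2 signature block and of Google's dependency
# metadata block (reported as DEPENDENCY_INFO_BLOCK by APK scanners).
APK_SIGNATURE_SCHEME_V2_BLOCK_ID = 0x7109871A
DEPENDENCY_INFO_BLOCK_ID = 0x504B4453
# Subject of the certificate in the AOSP debug keystore.
DEBUG_CERT_DN = "CN=Android Debug, O=Android, C=US"


def _central_directory_offset(apk: bytes) -> int:
    """Find the End Of Central Directory record and read the CD start offset."""
    eocd = apk.rfind(EOCD_SIG, max(0, len(apk) - 22 - 65535))
    if eocd < 0:
        raise ValueError("not a zip file: no EOCD record")
    return struct.unpack_from("<I", apk, eocd + 16)[0]


def signing_block_ids(apk: bytes) -> dict[int, bytes]:
    """Return {block_id: value} for each ID-value pair in the APK Signing Block.

    Layout (little-endian), placed right before the central directory:
    uint64 size | pairs | uint64 size | 16-byte magic; each pair is
    uint64 length | uint32 id | value.  An APK without a block yields {}.
    """
    cd = _central_directory_offset(apk)
    if cd < 24 or apk[cd - 16:cd] != APK_SIG_BLOCK_MAGIC:
        return {}
    size = struct.unpack_from("<Q", apk, cd - 24)[0]
    start = cd - size - 8  # the leading size field does not count itself
    if start < 0 or struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("APK Signing Block size fields disagree")
    blocks, pos, end = {}, start + 8, cd - 24
    while pos < end:
        pair_len = struct.unpack_from("<Q", apk, pos)[0]
        block_id = struct.unpack_from("<I", apk, pos + 8)[0]
        blocks[block_id] = apk[pos + 12:pos + 8 + pair_len]
        pos += 8 + pair_len
    return blocks


def has_dependency_info_block(apk: bytes) -> bool:
    return DEPENDENCY_INFO_BLOCK_ID in signing_block_ids(apk)


def is_debug_signed(apksigner_print_certs: str) -> bool:
    """Assumes 'Signer #N certificate DN: <DN>' lines from apksigner."""
    return re.search(r"certificate DN: " + re.escape(DEBUG_CERT_DN),
                     apksigner_print_certs) is not None


def version_code(aapt_badging: str) -> int:
    """Parse versionCode from the 'package:' line of `aapt dump badging`."""
    m = re.search(r"versionCode='(\d+)'", aapt_badging)
    if not m:
        raise ValueError("no versionCode in badging output")
    return int(m.group(1))


def release_problems(apk: bytes, apksigner_out: str, badging_out: str,
                     published_code: int) -> list[str]:
    """Everything that should block attaching this APK to a release."""
    problems = []
    if is_debug_signed(apksigner_out):
        problems.append("signed with the AOSP debug key")
    if version_code(badging_out) <= published_code:
        problems.append("versionCode not increased")
    if has_dependency_info_block(apk):
        problems.append("DEPENDENCY_INFO_BLOCK present")
    return problems


def build_sample_apk(blocks: dict[int, bytes]) -> bytes:
    """Constructed sample: a one-entry zip with an APK Signing Block spliced
    in before the central directory, the way real APKs carry it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x00")  # placeholder content
    apk = buf.getvalue()
    cd = _central_directory_offset(apk)
    pairs = b"".join(struct.pack("<QI", 4 + len(v), i) + v for i, v in blocks.items())
    size = len(pairs) + 8 + 16
    block = struct.pack("<Q", size) + pairs + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC
    apk = apk[:cd] + block + apk[cd:]
    eocd = apk.rfind(EOCD_SIG)
    # The central directory moved, so patch its offset in the EOCD record.
    return apk[:eocd + 16] + struct.pack("<I", cd + len(block)) + apk[eocd + 20:]


if __name__ == "__main__":
    # Constructed tool output mirroring this thread (debug DN, versionCode 902).
    certs = "Signer #1 certificate DN: CN=Android Debug, O=Android, C=US\n"
    badging = ("package: name='com.arturkowalczyk300.cryptocurrencyprices' "
               "versionCode='902' versionName='0.9.2'\n")
    sample = build_sample_apk({APK_SIGNATURE_SCHEME_V2_BLOCK_ID: b"sig",
                               DEPENDENCY_INFO_BLOCK_ID: b"deps"})
    print(release_problems(sample, certs, badging, published_code=902))
```

In a real pipeline the APK bytes come from the built artifact and the two strings from `apksigner verify --print-certs app.apk` and `aapt dump badging app.apk`; `signing_block_ids` only walks the block headers, so it says whether the dependency block is there without needing to decrypt it, which is exactly the part nobody outside Google can do.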