search

dashpay / dash-wallet

Dash Wallet for Android
https://dash.org
174 stars 169 forks source link

Please remove trackers again #229

Closed IzzySoft closed 4 years ago

IzzySoft commented 5 years ago

v6.6.2 introduced several trackers and proprietary components, namely:

Could you please remove those again – or at least provide an APK without those? Sensitive data like finances shouldn't have such things involved. And you don't have full control with proprietary libraries as you can never be sure what they really do (apart from what was advertized). Thanks!

HashEngineering commented 5 years ago

I plan to make a flavor that omits these items.

Additionally, after getting fdroid to work with a similar app that I have also development (forked), I will try getting this app (with only FOSS components) to work with fdroid.

HashEngineering commented 5 years ago

Progress will be posted in here.

IzzySoft commented 5 years ago

That's great news – thanks a lot, looking forward to that! In the meantime, I've removed v6.6.2 from my repo and disabled auto-update. As soon as a tracker free APK is available and you let me know that, I can switch that toggle around again. Of course as soon as your app hits the official repo, I'll congratulate you and remove the app from mine (to avoid confusion with the signatures not matching).

Wish you good and easy progress!

HashEngineering commented 5 years ago

Thanks for your support in this matter. An alternative is to have a separate branch, which would have these dependencies completely removed as opposed to conditionally removed, but I not sure how that will work with tagging and versions.

As part of another project, I am getting the fdroid build system up and running on my workstation. I am testing it on the fdroid app first to ensure that it is working. It appears to be building every version of that app. Perhaps I can update this issue next week with more good news.

IzzySoft commented 5 years ago

An alternative is to have a separate branch

That's currently unsupported by F-Droid AFAIK (cannot build from branches). But you could use build variants or product flavors in gradle. Many other projects do it that way. In F-Droid Metadata, we then just specify the build variant to pick.

HashEngineering commented 5 years ago

Thanks. That will help.

I was testing the build process with several apps:

  1. the fdroid app
  2. Bitcoin Wallet (de.schildbach.wallet) - This managed to build one version, but the rest had many errors about not finding git branches
  3. Groestlcoin Wallet (with prod flavor) - building is underway...
HashEngineering commented 5 years ago

The build process is working for Groestlcoin Wallet and now submitting the merge request.

Groestlcoin Wallet uses a similar structure as this wallet which includes flavors and the apk locations. Those things were figured out.

IzzySoft commented 5 years ago

Sounds good, thanks! If you want to supply both APKs then, can you make sure there's a pattern to automatically distinguish them by their names (e.g. have the tracker-free version always end on -foss.apk, -noanalytics.apk or something like that)?

HashEngineering commented 5 years ago

Yes. I will change the file name of the FOSS version.

HashEngineering commented 5 years ago

The other app, Groestlcoin Wallet, will be merged soon. This means that I have learned the process of adding an app and can start on Dash Wallet soon.

HashEngineering commented 5 years ago

The other app, Groestlcoin Wallet, has been merged. Now I know all the requirements. NonFreeNet had to be added since that app uses several non free websites to get information. Such sites include exchange rates sites and block explorers. For Dash Wallet, I will start with 6.5.1, which has no non-FOSS dependencies.

IzzySoft commented 4 years ago

For Dash Wallet, I will start with 6.5.1, which has no non-FOSS dependencies.

6.5.3 still ships with GMS, Firebase and Firebase Analytics.

HashEngineering commented 4 years ago

Yes, 6.6.4 (most recent version) that still ships with those.

I am working on a build that excludes these items.

If we don't exclude those items, then the fdroid builder results in this:

BUILD SUCCESSFUL in 1s
9 actionable tasks: 8 executed, 1 up-to-date
INFO: Scanning source for common problems...
ERROR: Found usual suspect 'firebase' at line 59 at wallet/build.gradle
ERROR: Found usual suspect 'firebase' at line 63 at wallet/build.gradle
INFO: Removing binary at wallet/test/de/schildbach/wallet/util/backup-protobuf-testnet
ERROR: Found binary at wallet/test/de/schildbach/wallet/util/bitcoin-backup-protobuf-testnet
WARNING: Found possible binary at common/src/main/res/font/montserrat_regular.ttf
WARNING: Found possible binary at common/src/main/res/font/montserrat_semibold.ttf
WARNING: Found possible binary at common/src/main/res/font/montserrat_medium.ttf
INFO: Removing gradle-wrapper.jar at gradle/wrapper/gradle-wrapper.jar
ERROR: Could not build app hashengineering.darkcoin.wallet: Can't build due to 3 errors while scanning
INFO: Finished
INFO: 1 build failed

Hopefully I can get around all of this.

HashEngineering commented 4 years ago

@IzzySoft Perhaps you can point me in the direction of making a working build script.

I am trying two things:

  1. Build 6.5.1 using Fdroid and I am seeing errors like this: 
    WARNING: Ignoring META-INF/MANIFEST.MF from unsigned/hashengineering.darkcoin.wallet_60510.apk
DOES NOT VERIFY
ERROR: res/drawable-xhdpi-v4/logout.png entry referenced by META-INF/MANIFEST.MF not found in the APK
ERROR: res/layout/uphold_logout_confirm.xml entry referenced by META-INF/MANIFEST.MF not found in the APK
ERROR: 
/tmp/tmpayc8k7m2/sigcp_hashengineering.darkcoin.wallet_60510.apk:

    This is similar to what I was getting two years ago, where the fdroid built APK does not verify against the one I have on Github.

The build script I am using is this:

Categories:
  - Money
License: GPL-3.0-or-later
AuthorName: Dash Core Group
AuthorEmail: support@dash.org
WebSite: https://www.dash.org/dash-android-wallet/
SourceCode: https://github.com/dashevo/dash-wallet
IssueTracker: https://github.com/dashevo/dash-wallet/issues
Translation: https://www.transifex.com/dash/dash-wallet/
Changelog: https://raw.github.com/dashevo/dash-wallet/HEAD/wallet/CHANGES

AutoName: Dash Wallet
Description: |-
    Have your Dash always with you, in your pocket! You pay by quickly scanning a QR
    code. As a merchant, you receive payments reliably and instantly. Dash Wallet is
    the first mobile Dash app, and arguably also the most secure!

    FEATURES

    * No registration, web service or cloud needed! This wallet is de-centralized and peer to peer.
    * Display of Dash amount in DASH, mDASH and µDASH.
    * Conversion to and from national currencies.
    * Sending and receiving of Dash via NFC, QR codes or Dash URLs.
    * Address book for regularly used Dash addresses.
    * When you’re offline, you can still pay via Bluetooth.
    * System notification for received coins.
    * Sweeping of paper wallets (e.g. those used for cold storage).
    * App widget for Dash balance.

    CONTRIBUTE

    All translations are managed via Transifex:
    [https://www.transifex.com/dash/dash-wallet/]

    You can find more about Dash at [https://www.dash.org/].

    TESTIMONIALS

    * A recommended mobile wallet by [https://www.dash.org]

    Use at your own risk!

RepoType: git
Repo: https://github.com/dashevo/dash-wallet
Binaries: https://github.com/dashevo/dash-wallet/releases/download/v%v/dash-wallet-%v.apk

Builds:
  - versionName: 4.65.12.1S
    versionCode: 40056
    disable: Produces an invalid apk file
    commit: 00c3b6283211a053a75a8bcae57ba9169eb7aa22
    subdir: wallet
    gradle:
      - prod
    srclibs:
      - DashJWallet@v0.14.3-12.1
    prebuild: sed -i -e '/<module>examples/d' -e '/<module>tools/d' -e '/<module>wallettemplate/d'
        $$DashJWallet$$/pom.xml
    scandelete:
      - wallet/test/de/schildbach/wallet/util/backup-protobuf-testnet
      - wallet/src/main/jniLibs
    build: $$MVN3$$ clean install -DskipTests -f $$DashJWallet$$/pom.xml -X

  - versionName: 4.65.12.1U
    versionCode: 40058
    disable: wait-for-review
    commit: v4.65.12.1U
    subdir: wallet
    gradle:
      - prod
    srclibs:
      - DashJWallet@v0.14.3-12.1
    prebuild: sed -i -e '/<module>examples/d' -e '/<module>tools/d' -e '/<module>wallettemplate/d'
        $$DashJWallet$$/pom.xml
    scandelete:
      - wallet/test/de/schildbach/wallet/util/backup-protobuf-testnet
      - wallet/src/main/jniLibs
    build: $$MVN3$$ clean install -DskipTests -f $$DashJWallet$$/pom.xml -X

  - versionName: 6.5.1
    versionCode: 60510
    commit: v6.5.1
    subdir: wallet
    gradle:
      - prod
    output: build/outputs/apk/prod/release/dash-wallet-prod-release-unsigned.apk
    prebuild: 
      - git submodule update --init --recursive
      - "echo 'task wrapper(type: Wrapper) { gradleVersion = \"4.4.1\" }' >> ../build.gradle"
    #build: gradle assembleFossRelease
    scandelete:
      - wallet/test/de/schildbach/wallet/util/backup-protobuf-testnet
      - wallet/test/de/schildbach/wallet/util/bitcoin-backup-protobuf-testnet
      #- wallet/cpp/dashj-bls/bls-signatures/contrib/relic/art/logo.png

AutoUpdateMode: None
UpdateCheckMode: Tags
CurrentVersion: 6.5.1
CurrentVersionCode: 60510

If I try to build the current version 6.6.4 without GMS, Firebase and Firebase Analytics, I get error relating to the build requiring gradle 5.1.1 or above, while the current version is 4.1.0.

And the bottom of the build script is this:

    versionCode: 60640
    commit: v6.6.4-foss
    subdir: wallet
    gradle:
      - prod
    output: build/outputs/apk/foss/release/dash-wallet-foss-release-unsigned.apk
    prebuild: 
      - git submodule update --init --recursive
      - "echo 'task wrapperUpdate(type: Wrapper) { gradleVersion = \"5.4.1\" }' >> ../build.gradle"
      - "echo 'task wrapperUpdate(type: Wrapper) { gradleVersion = \"5.4.1\" }' >> ../common/build.gradle"
    build: gradle assembleFossRelease
    scandelete:
      - wallet/test/de/schildbach/wallet/util/backup-protobuf-testnet
      - wallet/test/de/schildbach/wallet/util/bitcoin-backup-protobuf-testnet
      #- wallet/cpp/dashj-bls/bls-signatures/contrib/relic/art/logo.png
HashEngineering commented 4 years ago

In the above case of 6.6.4 without GMS, etc, I created a foss branch and a tag called v6.6.4-foss for the purposes of testing an froid build.

before that I had used the same build.gradle as the 6.6.4 master and used conditional statements of various kinds to exclude GMS, etc from the build process. Those conditional statements didn't result in a build without those components. Additionally when trying to build with fdroid on the unaltered v6.6.4 tag on the master branch, ERRORS were reported on any line that had "firebase." I suspect that simply using conditional statements will still result in a failure.

I am considering creating my own repo that will be forked from this one where I remove the GMS,etc statements and code and then make it work with fdroid.

IzzySoft commented 4 years ago

Thanks for your hard work, @HashEngineering! I'm no Android dev nor a packager, so I'm afraid I cannot much help with these details. If you've setup a build variant/flavor, we could try reaching out to one of our packagers to help (F-Droid doesn't work with branches directly; for cases like this we depend on build variants/flavors).

HashEngineering commented 4 years ago

I am closing this issue since it is being addressed in #19.

I forgot that this issue was open and was replying in #19