ggsava / block-this

Block This - FREE DNS based Ad Blocker for Android
https://block-this.com
GNU General Public License v3.0
373 stars 61 forks source link

Security consern: why does the binary only available on separate resource? #5

Closed netkgk closed 8 years ago

netkgk commented 8 years ago

Does the author alter the binary with a malware or there is another good reason why it is not published via github and\or f-droid? I've read news about removal from playstore, but there is a plenty of other apps left based on the same idea (fake VPN connection), so it raises concerns if there was another good reason for the removal, except that was because of the fact it was an adblock.

ggsava commented 8 years ago

The binary is not available only for one reason - signature. I'm thinking about ways to put it on F-droid, the problem is the existing 50-100 users thousand will run into errors when updating the app (wrong signature). F droid uses their own signature to sign the binary, so if I switch to F droid I will have to exclusively distribute from their site and change the whole update process ( currently there are auto update notifications sent to users with a download button ) . Also every single user who has the app right now will have to reinstall it. It's a very hard thing to achieve now and yes it is a problem.

The code base is exactly the same though and if you don't want to take my word for granted, you can decompile the app using any java decompiling tool and look at it yourself. I'm not using any obfuscation for the code so it should be easy enough to read through and verify the APK you download from block-this.com.