Reproducability issue

[keraliss]

Hey, keraliss from walletscrutinty! I was trying to test the reproducability of your app, and was following your instruction. We were able to create the apk from the source code. we also grabbed the official apk from the play store. While comparing those, we got this diff -

Files fromBuild/classes3.dex and fromOfficial/classes3.dex differ
Files fromBuild/classes5.dex and fromOfficial/classes5.dex differ
Only in fromOfficial/: lib
Only in fromBuild/res: anim
Only in fromBuild/res: animator
Only in fromBuild/res: animator-v21
Only in fromBuild/res: anim-v21
Only in fromBuild/res: drawable
Only in fromBuild/res: drawable-anydpi-v23
Only in fromBuild/res: drawable-v21
Only in fromBuild/res: drawable-v23
Only in fromBuild/res: drawable-watch-v20
Only in fromOfficial/res: E5.ogg
Only in fromBuild/res: interpolator
Only in fromBuild/res: interpolator-v21
Only in fromBuild/res: layout
Only in fromBuild/res: layout-land
Only in fromBuild/res: layout-sw600dp-v13
Only in fromBuild/res: layout-v21
Only in fromBuild/res: layout-v26
Only in fromBuild/res: layout-watch-v20
Only in fromBuild/res: menu
Only in fromBuild/res: mipmap-anydpi-v26
Only in fromBuild/res: mipmap-hdpi-v4
Only in fromBuild/res: mipmap-mdpi-v4
Only in fromBuild/res: mipmap-xhdpi-v4
Only in fromBuild/res: mipmap-xxhdpi-v4
Only in fromBuild/res: mipmap-xxxhdpi-v4
Only in fromBuild/res: raw
Only in fromOfficial/res: rM.txt
Only in fromBuild/res: xml
Files fromBuild/resources.arsc and fromOfficial/resources.arsc differ
Only in fromBuild/: stamp-cert-sha256```

we also got 900+ lines of diff containing xml, png, webp and json changes. Can you guys look into it, what is the issue and how we can resolve this?

[ktecho]

Hey @michaelWuensch

I've also followed your instructions from here and I got this for v0.8.6. Do you know what could be the cause?

Files built/base/AndroidManifest.xml and official/base/AndroidManifest.xml differ
Files built/base/classes2.dex and official/base/classes2.dex differ
Files built/base/classes3.dex and official/base/classes3.dex differ
Files built/base/res/xml/splits0.xml and official/base/res/xml/splits0.xml differ
Files built/base/resources.arsc and official/base/resources.arsc differ
Only in official/base: stamp-cert-sha256
Files built/base-arm64_v8a/AndroidManifest.xml and official/base-arm64_v8a/AndroidManifest.xml differ
Only in official/base-arm64_v8a: META-INF
Only in official/base-arm64_v8a: stamp-cert-sha256
Files built/xxhdpi/AndroidManifest.xml and official/xxhdpi/AndroidManifest.xml differ
Only in official/xxhdpi: META-INF
Files built/xxhdpi/resources.arsc and official/xxhdpi/resources.arsc differ
Only in official/xxhdpi: stamp-cert-sha256

[michaelWuensch]

@keraliss @ktecho Thanks for going through this. Somehow Google Play is messing with the apks that it generates. Depending on the device chosen for the reproducibility flow the results are different. Some seem to not have any critical differences, others do have them.

But hey, look what I just found in google plays advanced settings: I now turned it off. This might be the solution, but it only affects new builds that I upload. I have 7 days left to do so, after that I am kind of locked, as I have to increase android target sdk level to be able to further upload to play store but the increase will crash the current Tor implementation. I am waiting for some updates on the tor library. I hope I manage to upload a new build, but I have to be careful not to fuck anything up, as than I have no way to fix an error.

[ktecho]

Wow... good luck! If we can help, tell us.

[michaelWuensch]

Sure, I'll let you know when I uploaded a new build.

[michaelWuensch]

@keraliss @ktecho I just did the release of 0.8.7 with that google play optimization setting turned off. It might take a while though until it has passed the review and you can update. For me, not much did change, but I never got the dex differences in the first place. Here is a screenshot of my diff:

I did it with a Samsung S22. What devices did you use?

When it is finally available, it would be awesome if one of you guys could retest it and see if disabling that optimization setting had any positive effect. Thanks!

[ktecho]

I used a Pixel 6a. Will test again as soon as 0.8.7 appears at Play Store.

[michaelWuensch]

Ok thanks. And one more thing just to be sure... the instructions were still for 0.8.1. I hope you did actually check out version 0.8.6 before building it with the docker image. If you didn't, then you compared 0.8.1 to 0.8.6 Anyway, I have now also updated the instructions for 0.8 7

[ktecho]

Yeah, I tried with 0.8.6.