zapstore / zapstore

Permissionless app store powered by your social network
https://zap.store
MIT License

Prompt if app identifier has a different signature #59

Open franzaps opened 1 month ago

franzaps commented 1 month ago

Updates work by querying the relay for an app identifier with a newer version. If the newer version artifact has a different certificate, the upgrade will be rejected by Android; it would be great to gracefully handle the situation.

The likelihood of different signatures for the same app id is non-negligible (self-signed, F-Droid, Play Store).

Maybe we should index the certificate pubkey in the artifact? https://github.com/zapstore/indexer/issues/7

Down the line this would allow us to prompt the user to remove a dirty Play Store fiat install in favor of a pure, beautiful FOSS version.

alltheseas commented 1 month ago

> Prompt if app identifier has a different signature #59

Who is being prompted in case signatures don't match?

Zapstore? App dev? User?

franzaps commented 1 month ago

zapstore will prompt/inform the user, user can choose to uninstall current app to prevent it being rejected by Android

alltheseas commented 1 month ago

> zapstore will prompt/inform the user, user can choose to uninstall current app to prevent it being rejected by Android

This is a technical matter. I am for giving the end user maximum visibility.

Concurrently, I wonder how any of this might be communicated at a 9th grade reading level?

Should zapstore handle this in an "auto-pilot" way/under the hood?

franzaps commented 1 month ago

User needs to take actions outside of the control of zs. We should find friendly messaging, for instance: "It appears you have a different version of this app, that you probably installed on Play Store. If you'd like to install the version on zap.store you need to remove the app first, make sure you back up all your data"

We might be able to detect Play Store / F-Droid certificates, need to confirm.

franzaps commented 1 month ago

Actually it might be a useful tool to nudge people out of slave tech and into freedom tech

franzaps commented 1 month ago

https://github.com/zapstore/indexer/issues/7

alltheseas commented 1 month ago

if a normie reads this they will become confused

> "It appears you have a different version of this app, that you probably installed on Play Store. If you'd like to install the version on zap.store you need to remove the app first, make sure you back up all your data"

franzaps commented 1 month ago

> if a normie reads this they will become confused
>
> "It appears you have a different version of this app, that you probably installed on Play Store. If you'd like to install the version on zap.store you need to remove the app first, make sure you back up all your data"

How about "you're using slave tech. Remove that trash and install again using zap.store"

Jokes aside, what do you suggest? Not doing anything is a worse option because a signature mismatch will cause an update via zap.store to fail.

alltheseas commented 1 month ago

I don't know if we can word it much simpler. I am wondering if there is some more automated way to 1) uninstall the app 2) backup data 3) install via ZS 4) "restore" using the backed up data

franzaps commented 1 month ago

@alltheseas I will check Android permissions but I really doubt it's possible. Also, there is no single way of backing up/restoring an app's data

alltheseas commented 4 weeks ago

on 0.1 robosats fails to upgrade to latest version. all other apps tested updated

franzaps commented 1 week ago

Pain in the ass. WIP

```dart
final bytes = hexToBytes(
    '30450a1d3afbd22c98d9d8e987df8c1fbc2d0c97be21930c3b4d73906b0890bb');
await AndroidPackageManager().hasSigningCertificate(
    packageName: 'org.package',
    certificateBytes: Uint8List.fromList(bytes),
    type: CertificateType.sha256);

final flags = PackageInfoFlags(
  {
    PMFlag.getMetaData,
    // Note: THIS IS REQUIRED if you need access to permissions
    // And the information is contained under `requestedPermissions`
    // instead of `permissions`
    PMFlag.getPermissions,
    PMFlag.getReceivers,
    PMFlag.getServices,
    PMFlag.getProviders,
    PMFlag.getSigningCertificates,
  },
);

final info = await AndroidPackageManager()
    .getPackageInfo(packageName: 'org.package', flags: flags);
info!.signingInfo!.signingCertificateHistory!.first;
```

The hash is calculated on the raw ASN.1 DER encoding of the certificate, not the PEM representation.
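
An added example, not part of the thread and not zapstore's code: it shows why the fingerprint has to be taken over the DER bytes rather than the PEM text, and how a mismatch could map to the prompt discussed above. The helper names (`pemToDer`, `fingerprint`, `decide`, `UpdateAction`) are hypothetical, the certificate bytes are constructed placeholders rather than a real X.509 certificate, and it assumes `package:crypto` is available.

```dart
// Added example (not zapstore code). Needs package:crypto from pub.dev.
import 'dart:convert';

import 'package:crypto/crypto.dart';

/// Strips the PEM armor lines and base64-decodes the body back to DER bytes.
List<int> pemToDer(String pem) {
  final body = LineSplitter.split(pem)
      .map((line) => line.trim())
      .where((line) => line.isNotEmpty && !line.startsWith('-----'))
      .join();
  return base64.decode(body);
}

/// Lowercase hex SHA-256 of the certificate's DER encoding.
String fingerprint(List<int> der) => sha256.convert(der).toString();

enum UpdateAction { freshInstall, update, promptUninstall }

/// [installed] is the fingerprint of the app on the device, or null when the
/// package is not installed. [artifact] is the fingerprint of the new release.
UpdateAction decide({String? installed, required String artifact}) {
  if (installed == null) return UpdateAction.freshInstall;
  return installed.toLowerCase() == artifact.toLowerCase()
      ? UpdateAction.update
      : UpdateAction.promptUninstall; // Android would reject the upgrade
}

void main() {
  // Constructed bytes standing in for a DER certificate (not a real cert).
  final der = <int>[0x30, 0x82, 0x01, 0x0a, for (var i = 0; i < 32; i++) i];
  final pem = '-----BEGIN CERTIFICATE-----\n'
      '${base64.encode(der)}\n'
      '-----END CERTIFICATE-----\n';

  final fromDer = fingerprint(der);
  final fromPem = fingerprint(pemToDer(pem)); // PEM decoded back to DER
  final pemText = fingerprint(utf8.encode(pem)); // the mistake: hashing PEM text

  print('DER vs decoded PEM match: ${fromDer == fromPem}');
  print('DER vs PEM text match:    ${fromDer == pemText}');
  print(decide(installed: fromDer, artifact: fromPem));
  print(decide(installed: fromDer, artifact: pemText));
  print(decide(installed: null, artifact: fromDer));
}
```

An app whose signing key was rotated can have more than one entry in `signingCertificateHistory`, so a real check would compare against every entry rather than a single fingerprint.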

franzaps commented 1 week ago

Implemented a check that happens when copying the package SHA-256 to the clipboard. If something's wrong there will be an error message.

I'll leave it there for testing and later on could reuse in some more useful way.