OSS-DocumentScanner icon indicating copy to clipboard operation
OSS-DocumentScanner copied to clipboard
verified publisher icon Akylas

[FEATURE REQUEST]

Open NarwhalPrince opened this issue 1 year ago • 2 comments

Add App Signer Certificate Hash for Document Scanner App

Description: Please add the app signer certificate hash for the document scanner app, making it compatible with AppVerifier. This would allow users to easily verify the app's integrity during testing and enhance security by ensuring that only the legitimate app is being tested.

Why

  • Simplifies the validation process for people installing through Obtanium

  • Ensures the authenticity of the app when used with AppVerifier.

Thanks!

NarwhalPrince avatar Oct 05 '24 17:10 NarwhalPrince

What is the app signer certificate ? Any documentation?

farfromrefug avatar Oct 05 '24 18:10 farfromrefug

APKs are signed with the developer's certificate.

https://developer.android.com/studio/publish/app-signing

AppVerifier uses this to verify the authenticity of the APK.

https://github.com/soupslurpr/AppVerifier

NarwhalPrince avatar Oct 05 '24 18:10 NarwhalPrince

@NarwhalPrince OK sorry I misunderstood so you just want me to put my hash in the readme ?

farfromrefug avatar Oct 06 '24 18:10 farfromrefug

In the README works great. This helps a lot with downloading apps from sources without a chain of trust.

Thank you!

NarwhalPrince avatar Oct 06 '24 18:10 NarwhalPrince

@NarwhalPrince https://github.com/Akylas/OSS-DocumentScanner?tab=readme-ov-file#appverifier-hashes is that good?

farfromrefug avatar Oct 09 '24 13:10 farfromrefug

That looks good for the Play Store versions of both OSS Scanner and CardWallet.

The IzzyOnDroid and GitHub versions report the following for OSS Scanner:

com.akylas.documentscanner 0D:10:AA:10:E0:3A:7E:76:97:22:BE:43:88:BE:63:BD:15:7A:7B:7B:F1:96:FB:3C:EB:AB:87:37:F9:6C:A8:71

And they report the same hash for CardWallet, as expected:

com.akylas.cardwallet 0D:10:AA:10:E0:3A:7E:76:97:22:BE:43:88:BE:63:BD:15:7A:7B:7B:F1:96:FB:3C:EB:AB:87:37:F9:6C:A8:71

NarwhalPrince avatar Oct 09 '24 13:10 NarwhalPrince

@NarwhalPrince this is strange. I got those from AppVerifier using the versions installed on my phone which are github versions. Not sure what s going on here

farfromrefug avatar Oct 09 '24 13:10 farfromrefug

The hashes you listed in the README correspond to the versions on Play Store according to my testing. Check your app info for the installation source?

NarwhalPrince avatar Oct 09 '24 13:10 NarwhalPrince

Screenshot_20241009-085505.png

Screenshot_20241009-085559.png

NarwhalPrince avatar Oct 09 '24 13:10 NarwhalPrince

Checked an earlier version as well.

Feel free to contact me here if you would like: https://simplex.chat/invitation#/?v=2-7&smp=smp%3A%2F%2F0YuTwO05YJWS8rkjn9eLJDjQhFKvIYd8d4xG8X1blIU%3D%40smp8.simplex.im%2FFSVIsGrqlqqgOj6uD0o1A3C31fK1igUy%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEATbG4no3oFI4WtZg7ywwHLmJ3MvOz5m7efPnRFecuLQw%253D%26k%3Ds%26srv%3Dbeccx4yfxxbvyhqypaavemqurytl6hozr47wfc7uuecacjqdvwpw2xid.onion&e2e=v%3D2-3%26x3dh%3DMEIwBQYDK2VvAzkAu84cdI6pYaefq8lc5qrTD4UUJbNmRJJG7cv-2ulZa61KDwQmw-yCP_rxGV4Iy-Icy6DL4Pk8Mks%3D%2CMEIwBQYDK2VvAzkAk1WSFhvSgh2FDTs_Wp_gyqcB6I9gbduMPEos45GC--95a5Qvs0idLCH2EKo2KAhhhAY_Zf2Bi-s%3D

NarwhalPrince avatar Oct 09 '24 13:10 NarwhalPrince

@NarwhalPrince Thanks a lot must be an issue on my side. I updated with the hashes you provided!

farfromrefug avatar Oct 09 '24 20:10 farfromrefug

Awesome, thank you!

NarwhalPrince avatar Oct 10 '24 02:10 NarwhalPrince