by mi100hael 3542 days ago
Hmm, that's an interesting idea. I'm assuming their phone server is Java, same as their text server, so the builds should theoretically be identically reproducible for both. It seems like it should be possible to include a field in each response with some sort of signature so users can verify which build is serving requests. It'd have to be in every response so that they can't just reverse-proxy /status to the valid build and serve other requests from a modified build, and it'd have to be somehow dependent on some changing external factor or input so they can't just hard-code the valid build's signature.