by dante_dev 1986 days ago
Right! The keyword here is "Reproducible Builds". Basically, once there is documentation about how to produce the release build, you can do it yourself and compare the resulting hash with the build distributed in the Store. Generally speaking it does not come for free, but once you find a way (e.g. for iOS, compiling with a specific Xcode version on a specific OS with some adjusted config) it is kind of doable (except that Apple encrypts your build server-side for DRM purposes, so you'll need a jailbroken phone to do something about it).

For Signal there is an open issue here for iOS [1] and some documentation for Android [2].

Some nice work about it has already been done by Telegram: https://core.telegram.org/reproducible-builds

[1] https://github.com/signalapp/Signal-iOS/issues/641

[2] https://github.com/signalapp/Signal-Android/blob/fab24bcd1e5...

1 comments

This has nothing to do with the comment you replied to, as you have no idea what software is running on their server, so what would it even mean to reproduce it in the first place? The correct answer is merely "the server never received much in the first place so it doesn't matter as much if they stored all of it".
Right, I think I messed up with the reply while I was reading other comments.