Hacker News
by vaduz 1962 days ago
Reproducible builds do not help to determine if the version you download via the Play Store (or, for those on enterprise devices, any pre-installed corporate stores) is the same as the one you build - Play Store presents no real means to verify that. This includes any auto-updates if they are enabled.

It's an issue with Play Store as a delivery channel; the individual app in question can't do much about that.

Reproducible builds help if you:

- download the APK separately (including from the Signal website, or some of the other sources)
- install the file locally via sideload
- disable updates (!)

1 comments

The instructions posted by the dev directly include instructions for pulling the APK from your phone which was installed through the Play Store.

https://github.com/signalapp/Signal-Android/tree/master/repr...