Hacker News new | ask | show | jobs
by gowld 783 days ago
What's the status of trustworthy reproducible build systems for deploying open source code to apps on Android?
2 comments
kevincox 783 days ago
https://f-droid.org/docs/Reproducible_Builds/

I think Signal also does this for their Android app. I'm not sure of much else in this space.

link
1oooqooq 783 days ago
well, zero. just like apple. since there's no convenient way for the user the validate anything they are installing other than "the app store said so"
link
sodality2 782 days ago
This is a response to a question of Google Play’s reproducibility which is moot because of the distribution mechanism. *Android* in general does have reproducibility especially from third party repos like F-droid.
link
1oooqooq 782 days ago
correct.

sadly fdroid usage is close to zero. and even there verification requires adb hacks and very expert users, even for basic hash checking.

link