Hacker News
by genewitch 483 days ago
I skimmed and didn't see that but the "apkdiff" script extracting the apk because "diff doesn't work well on zips" made my gut twitch.

Why can't I sha256sum the two apk?

2 comments

Archive formats are hard to make reproducible because there are lots of ways of making different yet equivalent archives. So it’s not surprising to me that someone would fail at this hurdle and find it frustrating to resolve. Nix defined their own format for this to avoid this exact problem.
It seems there are multiple reasons. For one, the apk files include a digital signature and you won't have Signal's and Google's private keys available to recreate their signatures.
Thank you for this nice response. Did you already know or did you look it up? Please don't tell me you just copied and pasted my question into an input form somewhere and it gave a bunch of reasons...

I should have done that.

I was interested in this so I had a look at the tools.

Now that I asked ChatGPT, it didn't include this reason - perhaps it's too obvious and no-one has written it down before.
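
As an added illustration of the two reasons given in the replies above (equivalent-but-different archives, and signatures you cannot recreate), not code from the thread or from the apkdiff script: this Python example builds constructed in-memory zips and compares them by whole-file hash and by per-entry content. The entry names, sample bytes and the assumption that signature material sits in `META-INF/` entries (JAR-style signing) are assumptions of this example.

```python
import hashlib
import io
import zipfile

# Assumption: signature files sit under META-INF/ (JAR-style signing).
SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC", "MANIFEST.MF")

def build_archive(entries, date_time, compression):
    """Build an in-memory zip from (name, bytes) pairs with the given metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            info = zipfile.ZipInfo(name, date_time=date_time)
            info.compress_type = compression
            zf.writestr(info, data)
    return buf.getvalue()

def is_signature_entry(name):
    return name.startswith("META-INF/") and name.endswith(SIGNATURE_SUFFIXES)

def content_digests(archive_bytes):
    """Map entry name -> SHA-256 of uncompressed data, skipping signature files."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return {
            n: hashlib.sha256(zf.read(n)).hexdigest()
            for n in zf.namelist()
            if not is_signature_entry(n)
        }

def compare(a, b):
    """Return (whole-file hashes equal, per-entry contents equal)."""
    same_file = hashlib.sha256(a).digest() == hashlib.sha256(b).digest()
    return same_file, content_digests(a) == content_digests(b)

# Constructed sample data, not taken from any real APK.
FILES = [("classes.dex", b"dex-bytes" * 100), ("res/layout.xml", b"<layout/>")]
local_build = build_archive(FILES, (2024, 1, 1, 0, 0, 0), zipfile.ZIP_DEFLATED)
# Same payload, but different entry order, timestamps, compression, plus a signature.
store_build = build_archive(
    list(reversed(FILES)) + [("META-INF/CERT.RSA", b"publisher-signature")],
    (2024, 6, 1, 12, 0, 0),
    zipfile.ZIP_STORED,
)
# One payload file really differs: the content comparison must catch this.
changed = build_archive(FILES[:1] + [("res/layout.xml", b"<changed/>")],
                        (2024, 1, 1, 0, 0, 0), zipfile.ZIP_DEFLATED)
```

`compare(local_build, store_build)` reports different file hashes but equal contents, while `compare(local_build, changed)` reports a real content difference.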