When using your app, the F-Droid interface doesn’t provide information about who built the app from source, who signed the app, or whether the app can be reproduced from source code. This information is only available on the website when viewed in a browser, but it’s not included in the main f-droid.apk app.
Please add important information: who compiled the app, who signed it, and how the compatibility check was performed. It’s possible that the app is open source, but the developer added unnecessary hidden functionality during compilation, then signed the app with their key and uploaded it to the f-droid directory. Without verifying that the app complies with the source code, its security cannot be guaranteed.
Versions 1.12.20 (616) and 1.12.14 (595) have not passed the reproducibility test, but they were published on the website and they are not signed by the f-droid developer. I don’t want to install such versions because there may be backdoors inside that were made by the app developer, and the f-droid company published possible malware. We need more information about the verification and who signed the application. The latest versions sing-box have not been tested for reproducibility at all over the last 2 months.