F-Droid apk signing key (SHA1) is vulnerable to SHAttered attack


The F-Droid APK signing key still uses SHA1 despite its vulnerability to the SHAttered attack and others like it. While this subject was touched upon in a previous thread, it might be prudent to start looking for a way to move to a more secure hash function. This may be seen as low risk, but it's still a risk.


There is a follow-up attack on SHA-1, recently announced this year a month ago, making the transition from the hash more urgent.


cc/ @hans I know you guys at The Guardian Project take security seriously.


Android 4.2 and older do not support SHA256 signatures at all, so
switching the APK signature means entirely dropping support for Android
4.2 and older. That’s the only reason I know why we haven’t done it.

Also, it is not a particularly high priority since there are also GPG
signatures on the APKs, and then there are the index signatures that sign
the SHA-256 of every APK in a repo. Then there is also good HTTPS
config. Plus the upcoming F-Droid v1.8 will drop TLSv1.0 and TLSv1.1
entirely on devices that support it.

For more info: https://f-droid.org/docs/Security_Model
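
As an added illustration (not part of the thread and not F-Droid's code): a check of which digest algorithms an APK's JAR-style (v1) signature files declare, the signature type the reply above says cannot move to SHA-256 without dropping Android 4.2 and older. The function names and the sample APKs are constructed for this example.

```python
import io
import re
import zipfile

# JAR (APK v1) signature files carry attributes such as "SHA1-Digest:" or
# "SHA-256-Digest-Manifest:". Group 1 captures the algorithm name.
_DIGEST_ATTR = re.compile(
    r"^([A-Za-z0-9-]+)-Digest(?:-Manifest(?:-Main-Attributes)?)?:", re.M)
WEAK = {"MD5", "SHA1"}  # digests with practical collision attacks

def v1_signature_digests(apk_bytes):
    """Map each META-INF/*.SF file to the sorted digest algorithms it declares.

    Scope: only the .SF attributes are read. The digest inside the PKCS#7
    block (.RSA/.DSA/.EC) and the v2+ APK Signing Block are not inspected.
    """
    result = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if re.fullmatch(r"META-INF/[^/]+\.SF", name, re.I):
                text = apk.read(name).decode("utf-8", "replace")
                algs = {m.group(1).upper().replace("-", "")
                        for m in _DIGEST_ATTR.finditer(text)}
                result[name] = sorted(algs)
    return result

def weak_only_signers(apk_bytes):
    """Signature files that declare digests but none from the SHA-2 family."""
    return [name for name, algs in v1_signature_digests(apk_bytes).items()
            if algs and set(algs) <= WEAK]

def constructed_apk(alg):
    """Build a minimal, constructed APK-like zip whose .SF uses `alg` digests."""
    sf = (f"Signature-Version: 1.0\r\n{alg}-Digest-Manifest: AAAA\r\n\r\n"
          f"Name: classes.dex\r\n{alg}-Digest: BBBB\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        z.writestr("META-INF/CERT.SF", sf)
        z.writestr("classes.dex", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for alg in ("SHA1", "SHA-256"):
        apk = constructed_apk(alg)
        print(alg, v1_signature_digests(apk), "weak-only:", weak_only_signers(apk))
```

A SHA-1-only result here does not by itself mean an APK is unverifiable: as the reply notes, the repo index separately signs the SHA-256 of every APK.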