"Open in Browser" silently removed from F-Droid

TPS April 29, 2018, 1:47pm 9

I think this is the reason, from another app that had the same problem:

Simple Alarm Clock disappeared from F-Droid repo Apps

The known vulnerabilities means it uses the old F-Droid signing key.

&, more authoritatively,

Many old, unmaintained apps have been archived

F-Droid relies on the standard tools for verifying the signatures of APKs, these are Oracle Java’s jarsigner and Google Android’s apksigner. Both of those tools recently disabled the MD5 algorithm used in the APK signatures which are an essential part of the security of the Android platform. That means that any APK signature that uses MD5 is now considered unsigned by jarsigner and apksigner, and unsigned APKs are considered uninstallable. That means that apps that were built a long time ago …

show post in topic

Home
Categories
Guidelines
Terms of Service
Privacy Policy

Powered by Discourse, best viewed with JavaScript enabled

Mastodon