Smart Card Emulator (& I'm guessing some other apps as well)

So. I’m goon be quick. But I just want to say that the Smart Card Emulator is very dodgy. All of the links point to the right developer and the same repository on github, but the builds and available apks and their versions are all wrong. Also the dates don’t really make sense. I have uploaded the last tar to the totalvirus. And here are the results. Now. I know that 1/57 isn’t really that scarry. But the truth is that the tar from github is 20mb smaller and is clean on the same site.

I don’t know what’s happening with this site. But I was told that the site is secure. Well. I guess not so much.

1 Like

What do you mean?

Well for example:

The latest apk on the f-droid was added on 2022-06-27 with the source tar of size approx. 48MB. In contrast the latest release on github was added on 2022-02-01 and the tar size is around 20MB.

So I guess I was wrong about the app versions but the source files still differ from each other. Also the big date difference, in my opinion, is a little concerning

Link to VirusTotal scan for the f-droid tar
Link to VirusTotal scan for the github tar

The Smart Card Reader has the exact same issue with the size and alleged trojan found in f-droid source tar.

The date difference is normal. The build of 3.5 is fixed in misc fixes (43cfd170) · Commits · F-Droid / Data · GitLab. Even if it doesn’t need to be fixed manully, our build is always late since we need to build and deploy the apk after it’s published upstream.

The diff of the tarball is also normal. It’s 22MB vs 21MB, not 48MB vs 20MB. From the metadata you can see that we remove some files and checkout the submodules. You can reproduce the tarball with the steps in the metadata.

1 Like

Well. I guess we’re not downloading the same tarball. Look I don’t have time for this. I just wanted to report what I have found.
If I made a mistake or the VirusTotal found a false positive, then this post is obsolete.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.