Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://grapheneos.social/users/GrapheneOS/statuses/113903513898753427">GrapheneOS (grapheneos@grapheneos.social)'s status on Tuesday, 28-Jan-2025 11:05:28 JST</a><a href="https://grapheneos.social/@GrapheneOS" title="grapheneos@grapheneos.social"><img src="https://gnusocial.jp/avatar/99224-48-20240219114657.webp" width="48" height="48" alt="GrapheneOS" style="position: absolute; left: 0; top: 0;">GrapheneOS</a><div><a href="https://gnusocial.jp/notice/8732884" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/40873" title="dalias@hachyderm.io">Rich Felker</a></li><li><a href="https://gnusocial.jp/user/311501" title="nebulatide@mastodon.bsd.cafe">Doerk</a></li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias">@dalias</a> <a href="https://suya.place/users/a1ba">@a1ba</a> <a href="https://mastodon.bsd.cafe/@NebulaTide">@NebulaTide</a> They did provide a code transparency system to prove the generated APKs match the provided code but it does not cover all the relevant forms of resources, just all the code, so we don't think it provides what is needed even if it was widely adopted to verify what's generated.</p><p>Google essentially moved to the system used by the Apple App Store where developers upload bundles of signed code which are then turned into the actual signed packages by Apple and Google.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4458174#notice-8733354">In conversation</a><time datetime="2025-01-28T11:05:28+09:00" title="Tuesday, 28-Jan-2025 11:05:28 JST">about 5 months ago</time> <span>from <span><a href="https://grapheneos.social/@GrapheneOS/113903513898753427" rel="external" title="Sent from grapheneos.social via ActivityPub">grapheneos.social</a></span></span><a href="https://grapheneos.social/@GrapheneOS/113903513898753427">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
GrapheneOS (grapheneos@grapheneos.social)'s status on Tuesday, 28-Jan-2025 11:05:28 JSTGrapheneOS
in reply to
@dalias @a1ba @NebulaTide They did provide a code transparency system to prove the generated APKs match the provided code but it does not cover all the relevant forms of resources, just all the code, so we don't think it provides what is needed even if it was widely adopted to verify what's generated.
Google essentially moved to the system used by the Apple App Store where developers upload bundles of signed code which are then turned into the actual signed packages by Apple and Google.
In conversationabout 5 months ago from grapheneos.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice