On 10 August 2013 11:43, Michael Rogers <mich...@briarproject.org> wrote:
> If we assume that app stores aren't going away any time soon, we need
> to address this problem: How can a user who downloads an app from an
> app store be satisfied that it was built from published source code?
>
> We might also think about how to solve the problem for apps downloaded
> through browsers.
>
> Verifiable builds are necessary but not sufficient here - they allow
> an expert auditor to tell whether the binary she downloaded was built
> from the published source, but an attacker might target the binaries
> downloaded by certain other users without alerting the auditor. So we
> also need a way for a non-expert user to tell whether the binary she
> downloaded matches the one that was audited.
Not having published in any app store, I'd like to know if my
assumptions here are incorrect.

I *think* that app stores take a binary you upload and run their
static and dynamic checks on that.  They then publish that binary
without modification.  (Indeed, how could they modify it?  You sign it
with your key.)  In that case, I think a verifiable build system à la
Gitian would work well.

The trust web is such that knowledgeable users can replicate a build
to a hash.  That hash is what anyone downloads via the App Store, and
less knowledgeable users, but users running rooted phones, can pull
the binary off and check the hash.  That hash is what's signed by the
developer's private signing key.  The app store can't substitute a
different binary (no developer signing key), users can verify that the
app was what the developer produced (via pulling the binary and
checking the hash), and advanced users can verify that what the
developer produced is what they produce via the replicable build
process.

-tom
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.
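The three checks tom describes (developer signs the build hash, the auditor reproduces the build and compares hashes, the end user hashes the binary pulled off the phone and checks it against the signed hash) as an added Go example; this is not code from the thread or from Gitian. It assumes SHA-256 as the hash, Ed25519 as the developer's signing key, constructed byte strings standing in for the APK and for a reproducible rebuild, and the function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Release is what the developer publishes next to the app-store upload:
// the SHA-256 of the binary they built and their signature over that hash.
type Release struct {
	Hash [32]byte
	Sig  []byte
}

// Publish is the developer's step: hash the binary and sign the hash.
func Publish(priv ed25519.PrivateKey, binary []byte) Release {
	h := sha256.Sum256(binary)
	return Release{Hash: h, Sig: ed25519.Sign(priv, h[:])}
}

// AuditorCheck is the expert's step: rebuild from source (here a constructed
// stand-in for the rebuild output) and compare against the published hash.
func AuditorCheck(rel Release, rebuilt []byte) bool {
	return sha256.Sum256(rebuilt) == rel.Hash
}

// UserCheck is the non-expert's step: verify the developer's signature over
// the published hash with a pinned public key, then hash the binary pulled
// off the phone and compare. The pinned key is what stops an app store from
// substituting both a binary and a matching hash of its own.
func UserCheck(pub ed25519.PublicKey, rel Release, downloaded []byte) bool {
	if !ed25519.Verify(pub, rel.Hash[:], rel.Sig) {
		return false // hash was not signed by the developer
	}
	return sha256.Sum256(downloaded) == rel.Hash
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	genuine := []byte("constructed stand-in for the developer's APK")
	rel := Publish(priv, genuine)
	tampered := append(append([]byte{}, genuine...), " + injected code"...)
	fmt.Println("auditor, reproducible rebuild:", AuditorCheck(rel, genuine))
	fmt.Println("user, genuine download:", UserCheck(pub, rel, genuine))
	fmt.Println("user, swapped binary:", UserCheck(pub, rel, tampered))
	_, storePriv, _ := ed25519.GenerateKey(rand.Reader) // store's own key
	fmt.Println("user, swapped binary and hash:", UserCheck(pub, Publish(storePriv, tampered), tampered))
}
```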