Re: hiding data/code in Android APK embedded signatures

2023-02-03 Thread Hans-Christoph Steiner
This W3C MiniApp format sounds a lot like JAR signatures, aka APK v1 signatures. Although not an ideal format, it is at least well understood and explored. As for some background on why APK v2/v3 signatures have this spot to stick data in the signing block, the Android team developed a sche

Re: hiding data/code in Android APK embedded signatures

2023-02-03 Thread FC Stegerman
* Hans-Christoph Steiner [2023-02-03 07:58]:
> This W3C MiniApp format sounds a lot like JAR signatures, aka APK v1
> signatures. Although not an ideal format, it is at least well understood
> and explored.

Actually, "between the final entry and the zip's central directory" is exactly where the

Re: hiding data/code in Android APK embedded signatures

2023-02-03 Thread Hans-Christoph Steiner
If it is any consolation, I've done some review of large sets of malware apps. They are not using any of these spots to hide stuff, from what I've seen. The gold standard for malware is to not include the key code at all, and instead download it at runtime. Some "enterprise" apps do that a

Re: Please review the draft for January's report

2023-02-03 Thread Chris Lamb
Hey kpcyrd,

>> Please review the draft for January's Reproducible Builds report:
>
> There was a recent update on rb-general@ by Akihiro Suda about
> SOURCE_DATE_EPOCH in BuildKit v0.11 that I consider very noteworthy
> (although it was technically in February). :)

Great idea, especially as the

Re: Please review the draft for January's report

2023-02-03 Thread Akihiro Suda
Thanks!

On Fri, 3 Feb 2023 at 22:20, Chris Lamb wrote:
> Hey kpcyrd,
>
> >> Please review the draft for January's Reproducible Builds report:
> >
> > There was a recent update on rb-general@ by Akihiro Suda about
> > SOURCE_DATE_EPOCH in BuildKit v0.11 that I consider very noteworthy
> > (although it was techni