@mtigas mtigas released this Mar 20, 2015 · 520 commits to 2.X since this release

Assets 2



You can check that your version of Onion Browser matches a known copy of the app. This is helpful for safety reasons, if you are not confident that your copy of Onion Browser has been tampered with.

You'll need to have this version of Onion Browser (1.5.12) downloaded and available in iTunes. Go into iTunes and make sure that Onion Browser appears in the "My Apps" tab. Since this is the most recent version of Onion Browser, ensure that the app is updated. (If it has an "Update" flag, you can right-click the app and select "Update App" to download 1.5.12.)

If you don't have Onion Browser on your computer, you can retrieve this version by syncing your iPhone/iPad to your computer or by searching for Onion Browser in iTunes with the same Apple account that you used to buy it on your iPhone/iPad.

If you get a hash that's different than cc31dad8ec3aa4f72b1de09557d5840b2039c585328098973b3cb1a7ad3205d521c95a21288443dd8eef86028800db0895b1e47b20e131054947685c5161fc44, please report it in this thread immediately, or e-mail me.

Hash: SHA512

If you have installed Onion Browser via the App Store, you can
double-check the authenticity of your copy of Onion Browser by doing
something like the following and ensuring that the resultant SHA512
hash is identical. 

Sync your phone (& sync the apps over to your computer) or download
Onion Browser via the App Store in iTunes on your computer. Then:

$ mkdir /tmp/ob1512
$ cd /tmp/ob1512
$ unzip -o "$HOME/Music/iTunes/iTunes Media/Mobile Applications/Onion Browser 1.5.12.ipa"
$ rm -fr "Payload/OnionBrowser.app/SC_Info"
$ find Payload -type f -print0 | xargs -0 shasum -a512 | shasum -a512
cc31dad8ec3aa4f72b1de09557d5840b2039c585328098973b3cb1a7ad3205d521c95a21288443dd8eef86028800db0895b1e47b20e131054947685c5161fc44  -

It'll tell you that your copy of the Onion Browser app package is
the same as everyone else's. (But of course that doesn't help if
there's fishiness in Xcode or in the App Store submission process.)

Per [1][2], although the App Store-hosted ".ipa" bundle of the app
changes from user-to-user (because the ".ipa" zip file contains
user-specific SC_Info), the remainder of the app contents should be
the same from user to user. See [3] & [4] for further work on this.

[1]: https://github.com/WhisperSystems/Signal-iOS/issues/641#issuecomment-77376731
[2]: https://github.com/WhisperSystems/Signal-iOS/issues/641#issuecomment-78202740
[3]: https://github.com/OnionBrowser/iOS-OnionBrowser/issues/58
[4]: https://github.com/WhisperSystems/Signal-iOS/issues/641