You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issues filed here should be about bugs in the code in this repository.
If you have a general question, need help debugging, or fall into some
other category use one of these other channels:
For general technical questions, post a question on StackOverflow
with the firebase tag.
For general Firebase discussion, use the firebase-talk
google group.
For help troubleshooting your application that does not fall under one
of the above categories, reach out to the personalized Firebase support channel.
[REQUIRED] Step 2: Describe your environment
Android Studio version: Bumblebee
Firebase Component: Crashlytics
Component version: 17.2.1
[REQUIRED] Step 3:
Using Crashlytics breaks reproducibility for Android apps as it adds a random(?) build_id such as:
Build your app release twice (maybe on different machines?)
Compare the files with diffoscope
The diff probably is only the build_id.
If the builds are otherwise identical, there should be no reason to assign a different build_id. Please use a hash of the folder state or something deterministic instead.
The text was updated successfully, but these errors were encountered:
Hi @Giszmo, thanks for reporting. Here's the reply of one of our engineers:
This is working as intended, the value is non-deterministic because it is added into the app at build time. There's no way to generate the id based on the build output, because the id itself is part of the build. We've considered some tricks to make it deterministic in the past, but there's nothing that works reliably across all Gradle versions.
There's currently no plans to change this in the future as of the moment. That being said, I'll be closing this for now.
If this gets more requests in the future, then we can probably revisit this and discuss this further. Thanks!
I will have to recommend to dependent projects that they find a different solution if this is not resolved. Build reproducibility is crucial for being able to trust applications from the Play Store. This applies in particular to cryptocurrency wallets where a supply chain attack could net the attacker significant profit.
[READ] Step 1: Are you in the right place?
Issues filed here should be about bugs in the code in this repository.
If you have a general question, need help debugging, or fall into some
other category use one of these other channels:
with the firebase tag.
google group.
of the above categories, reach out to the personalized
Firebase support channel.
[REQUIRED] Step 2: Describe your environment
[REQUIRED] Step 3:
Using Crashlytics breaks reproducibility for Android apps as it adds a random(?) build_id such as:
Steps to reproduce:
The diff probably is only the
build_id
.If the builds are otherwise identical, there should be no reason to assign a different
build_id
. Please use a hash of the folder state or something deterministic instead.The text was updated successfully, but these errors were encountered: