Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/mobile: Add support for signing Android applications using v2+ scheme #38439

Open
Jacalz opened this issue Apr 14, 2020 · 1 comment
Open
Labels
help wanted mobile Android, iOS, and x/mobile NeedsFix The path to resolution is known, but the work has not been done.
Milestone

Comments

@Jacalz
Copy link
Contributor

Jacalz commented Apr 14, 2020

Note:

This was suggested as part of the security issue filed as part of #38438 and might be relevant.

Description:

The signing of Android applications in gomobile is currently using the old v1 signing scheme and not the new and improved v2 or v3 schemes that have been available for quite some time now. See the Application Signing documentation for more information regarding the various signing schemes.

The v2+ schemes introduce both security and performance improvements and could be beneficial for improving the application signing. There are two way that this could be done due to v2+ being compatible on older Android phones as long as applications are signed with both (or possibly all three) protocols. This means that we could fix the security issue mentioned in #38438 and still sign with the v1 scheme for supporting Android 7 and below, but also sign with v2+ for better security and install performance on newer versions. Another possible way to solve it would be to drop support for v1 and just support v2+ and thus Android 7 and newer. The choice of the best option depends on how you look at it, but I will leave that to someone else to decide.

@gopherbot gopherbot added this to the Unreleased milestone Apr 14, 2020
@gopherbot gopherbot added the mobile Android, iOS, and x/mobile label Apr 14, 2020
@andybons andybons added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. help wanted NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Apr 14, 2020
@hajimehoshi
Copy link
Member

hajimehoshi commented May 3, 2022

/CC @hyangah

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted mobile Android, iOS, and x/mobile NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Development

No branches or pull requests

4 participants