Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/mobile: Add support for signing Android applications using v2+ scheme #38439

Open
Jacalz opened this issue Apr 14, 2020 · 0 comments
Open

x/mobile: Add support for signing Android applications using v2+ scheme #38439

Jacalz opened this issue Apr 14, 2020 · 0 comments

Comments

@Jacalz
Copy link

@Jacalz Jacalz commented Apr 14, 2020

Note:

This was suggested as part of the security issue filed as part of #38438 and might be relevant.

Description:

The signing of Android applications in gomobile is currently using the old v1 signing scheme and not the new and improved v2 or v3 schemes that have been available for quite some time now. See the Application Signing documentation for more information regarding the various signing schemes.

The v2+ schemes introduce both security and performance improvements and could be beneficial for improving the application signing. There are two way that this could be done due to v2+ being compatible on older Android phones as long as applications are signed with both (or possibly all three) protocols. This means that we could fix the security issue mentioned in #38438 and still sign with the v1 scheme for supporting Android 7 and below, but also sign with v2+ for better security and install performance on newer versions. Another possible way to solve it would be to drop support for v1 and just support v2+ and thus Android 7 and newer. The choice of the best option depends on how you look at it, but I will leave that to someone else to decide.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.