The signature problem in F-Droid has apparently still not been solved: “We find it concerning that F-Droid constantly chooses to move the goalposts and continues to rely on a fundamentally broken approach for certificate pinning, merely patching [15] known vulnerabilities without ever addressing the underlying cause.” 😵👇

https://github.com/obfusk/fdroid-fakesigner-poc?tab=readme-ov-file#update-2025-01-19

#fdroid #security #privacy #certpinning #signature

  • Life.is.beautiful@infosec.exchange
    2 months ago

    @kuketzblog@social.tchncs.de

    Best options:

    1. Accrescent
    2. Obtainium (GitHub/GitLab) + AppVerifier
    3. Manually add the developer's F-Droid repo

    @accrescent@infosec.exchange