I'm downloading this app using Obtanium and so I would like to make sure that the app I install is indeed the correct one. To do so I use AppVerifier. To be able to check whether the app downloaded is indeed from the developer I would need the hash of the signing certificate used to sign the app.
The hash would be listed preferably on an external site. Like the app's site, but it could also be listed on Github if the external site is not an option.
I've also considered getting the app from Google Play or just hoping that I have indeed acquired the app from the developer. Neither option really resolves the issue for me.
It's slowly becoming a standard security practice to list the key's hash somewhere in your project for example: Molly, AuroraStore, GeoShare.
]]>Thanks!
]]>Thanks!
]]>Fix #156
]]>I cannot refresh my profile [email protected] both from the contacts and user views.
This is because my key is on a WKD and GenerateProfileCubit.refreshPgpProfile() uses the identifier(openpgp4fpr:...) to get the profile, ignoring the protocol.
Future<ProfileModel?> refreshPgpProfile(ProfileModel pgpProfile) async {
| |
KeyoxideResult result = await getIt<KeyoxideRepository>()
| |
.generateProfile(pgpProfile.identifier);
| |
if (result.data != null) {
| |
return await Utilities.keyoxideProfileToProfileModel(result.data);
| |
} else {
| |
return null;
| |
}
| |
}
|
Added some missing keyoxide brand logos: