Anonero monero wallet: http://anonero5wmhraxqsvzq2ncgptq6gq45qoto6fnkfwughfl4gbt44swad.onion/fdroid/repo
Briar: https://briarproject.org/fdroid/repo
Cake Labs monero wallet: https://fdroid.cakelabs.com/?fingerprint=ea44efaee0b641ee7a032d397d5d976f9c4e5e1ed26e11c75702d064e55f8755
Collabora Office: https://www.collaboraoffice.com/downloads/fdroid/repo
Eternity for Lemmy: https://bazsalanszky.codeberg.page/fdroid/repo
futo voice: https://app.futo.org/fdroid/repo?fingerprint=39D47869D29CBFCE4691D9F7E6946A7B6D7E6FF4883497E6E675744ECDFA6D6D
IzzyOnDroid: https://apt.izzysoft.de/fdroid/repo
Molly: https://molly.im/fdroid/foss/fdroid/repo
Monerujo monero wallet: https://f-droid.monerujo.io/fdroid/repo
MySu Monero Wallet: http://rk63tc3isr7so7ubl6q7kdxzzws7a7t6s467lbtw2ru3cwy6zu6w4jad.onion/fdroid/repo?fingerprint=0C72C540E5841030FAE32329A1BC8747DCAC5236E4D1AAEDB67735CA7B7DD3D6
NewPipe: https://archive.newpipe.net/fdroid/repo
Session: https://fdroid.getsession.org/fdroid/repo
SimpleX Chat: https://app.simplex.chat/fdroid/repo?fingerprint=9F358FF284D1F71656A2BFAF0E005DEAE6AA14143720E089F11FF2DDCFEB01BA
For a crypto wallet it seems extremely dangerous to use a custom repo. What if one day it pushes a hacked version with the same signature and it takes all the money?
For this use case I’d consider only fdroid, the only way it can be sure it matches the published source code.
Those repos are maintained by the developers of the Monero wallet. So, if they were going to do that, they would also be able to push the malware version to the fdroid repo as well, because the signatures would match the developers.
The fdroid repository has only apps built by fdroid itself using the published source code, while a private repo could have a binary that doesn’t match the source.
It might be a financial incentive for someone to hack the dev, steal their signing keys, silently add a timebomb that at a specific time would send the whole content of the wallet to a specific monero address, and replace the apk after a new release is added. Nobody would notice until too late.
Difficult hack but not impossible
That is a fair point. The protection of the main fdroid repo is that they build it from source and then compare the binaries to make sure they match, if I understand reproducible builds correctly.
Edit: But if a hacker hacked the developer, wouldn’t they just change the source code as well so that they still match? Like if I wanted to hack Monerujo I’d want to get the git repo if possible along with the repo keys so I could push malicious code to the git repo, build a binary from that malicious code, publish it on the dev’s fdroid repo and then when fdroid compares the binary to source they match even though they are malicious.
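The comparison step the comment above describes, as an added example that is not F-Droid's own code: F-Droid rebuilds the app from the published source, then checks that every entry of its rebuild matches the developer-signed APK except the signature files under META-INF, which by design differ. The sample APKs here are constructed in-memory zips; the "tampered" one stands in for the timebomb scenario from the thread, where the developer-signed binary no longer matches what the source produces. As the edit points out, a clean comparison only proves binary equals source, not that the source itself is benign.

```python
import hashlib
import io
import zipfile

# Signature entries differ between an unsigned rebuild and the signed APK,
# so the reproducibility check deliberately leaves them out.
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", "MANIFEST.MF")


def is_signature_entry(name):
    return name.startswith("META-INF/") and name.endswith(SIGNATURE_SUFFIXES)


def entry_digests(apk_bytes):
    """Map every non-signature entry of an APK (a zip) to its SHA-256."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or is_signature_entry(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_builds(rebuilt_apk, published_apk):
    """Return the sorted names of entries that are missing, extra or changed."""
    a, b = entry_digests(rebuilt_apk), entry_digests(published_apk)
    return [name for name in sorted(set(a) | set(b)) if a.get(name) != b.get(name)]


def make_apk(entries):
    """Constructed stand-in for an APK: a zip built from a {name: bytes} dict."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples (not real APKs): the unsigned rebuild from source,
# the matching developer-signed release, and a signed release whose code
# was swapped without a matching source change.
CODE = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex\n035\x00wallet"}
SIG = {"META-INF/CERT.RSA": b"dev-signature", "META-INF/CERT.SF": b"sf", "META-INF/MANIFEST.MF": b"mf"}
REBUILT = make_apk(CODE)
SIGNED = make_apk({**CODE, **SIG})
TAMPERED = make_apk({**CODE, "classes.dex": b"dex\n035\x00drain-wallet", **SIG})

if __name__ == "__main__":
    print(compare_builds(REBUILT, SIGNED))    # [] -> reproducible
    print(compare_builds(REBUILT, TAMPERED))  # ['classes.dex'] -> reject
```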
Thanks, I still haven’t got into crypto so Monero is not for me, but I will study a few of those.
I am redesigning a big part of my digital life these days