Sign APKs in GitHub releases #1881
hardcore-sushi
started this conversation in
Ideas
Replies: 1 comment
-
|
Related: |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi !
For obvious reasons, I don't want to use Google Play to install Yoroi. However, I don't trust neither GitHub nor the datacenter where it's hosted. APKs that users download might not be the same as the ones you uploaded.
To prevent any modification by GitHub or any other intermediaries, you could sign the APKs you upload, for example with PGP, like Daedalus does. You could publish your public key on public keyservers as well as on your website, as it secured with TLS.
Thank you very much for your understanding.
Beta Was this translation helpful? Give feedback.
All reactions