mirror of
https://github.com/screentinker/screentinker.git
synced 2026-06-15 02:33:15 -06:00
The updater fetched download_url from the server JSON and installed it via PackageInstaller with NO verification, over cleartext (usesCleartextTraffic, no pinning). A network MITM or compromised server could return a malicious APK and have it silently installed (REQUEST_INSTALL_PACKAGES) → full device RCE.

Fix: before install, verify the downloaded APK (a) is our own package and (b) shares a current signing certificate with the installed app (GET_SIGNING_CERTIFICATES on P+, GET_SIGNATURES below). An attacker can't forge our signing key, so this holds even over an untrusted/cleartext transport. Fail-closed on any parse/verify error; the APK is deleted on mismatch. Gates both the session-install and intent-fallback paths.

Also set android:allowBackup="false" so adb backup can't exfiltrate the device token / config.

Compile-checked + signed debug APK builds. NOT verified on-device - needs a real update cycle on a device (valid update installs; a wrong-signed APK is rejected) before merge.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
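The signer check the commit message describes, written out as an added example; this is not code from the screentinker repository, and the function names (isTrustedUpdateApk, verifyOrDeleteUpdate, currentSigners) are assumptions. It uses only the platform PackageManager APIs the message names: GET_SIGNING_CERTIFICATES plus PackageInfo.signingInfo on Android P and later, GET_SIGNATURES plus PackageInfo.signatures on older releases, via the (String, int) overloads of getPackageArchiveInfo and getPackageInfo. Every failure path returns false, and the wrapper deletes the file on a false result, so both the session-install and intent-fallback paths can gate on it and fail closed.

```kotlin
import android.content.Context
import android.content.pm.PackageInfo
import android.content.pm.PackageManager
import android.content.pm.Signature
import android.os.Build
import java.io.File

// Example only: isTrustedUpdateApk, verifyOrDeleteUpdate and currentSigners are
// assumed names, not identifiers from the screentinker code base.

/** Current signing certificates of [info], using the P+ API where available. */
@Suppress("DEPRECATION")
private fun currentSigners(info: PackageInfo): List<Signature> =
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
        // apkContentsSigners are the certificates that actually signed this APK
        // (all of them if there are several). Null when the flag was not requested.
        info.signingInfo?.apkContentsSigners?.toList().orEmpty()
    } else {
        info.signatures?.toList().orEmpty()
    }

@Suppress("DEPRECATION")
private fun signerFlag(): Int =
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) PackageManager.GET_SIGNING_CERTIFICATES
    else PackageManager.GET_SIGNATURES

/**
 * True only if [apkFile] (a) declares this app's package name and (b) carries at
 * least one signing certificate that the installed copy of this app also carries.
 * Unparseable archive, missing signatures or any PackageManager error all return
 * false, so a caller that installs only on true fails closed.
 */
@Suppress("DEPRECATION")
fun isTrustedUpdateApk(context: Context, apkFile: File): Boolean {
    val pm = context.packageManager
    return try {
        val archive = pm.getPackageArchiveInfo(apkFile.absolutePath, signerFlag())
            ?: return false                                   // not a parseable APK
        if (archive.packageName != context.packageName) return false
        val installed = pm.getPackageInfo(context.packageName, signerFlag())
        val archiveCerts = currentSigners(archive)
        val installedCerts = currentSigners(installed)
        if (archiveCerts.isEmpty() || installedCerts.isEmpty()) return false
        // Signature.equals compares the DER-encoded certificate bytes, so this is
        // certificate equality, not a subject-name match. An update signed only by
        // a rotated key is rejected here, which is the fail-closed behaviour wanted.
        archiveCerts.any { it in installedCerts }
    } catch (e: Exception) {   // NameNotFoundException, SecurityException, parse errors
        false
    }
}

/** Gate for both install paths: true means proceed; otherwise the APK is deleted. */
fun verifyOrDeleteUpdate(context: Context, apkFile: File): Boolean {
    if (isTrustedUpdateApk(context, apkFile)) return true
    apkFile.delete()
    return false
}
```

Call verifyOrDeleteUpdate(context, downloadedApk) immediately before creating the PackageInstaller session or firing the install intent, and only proceed on true; because the downloaded file is compared against the installed app's own certificate rather than against anything the server sent, a server or on-path attacker who controls download_url gains nothing unless they also hold the release signing key.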
| Path |
|---|
| src/main |
| build.gradle.kts |
| proguard-rules.pro |