wrong signing key and versionCode issues #12
Comments
IzzySoft
changed the title
|
Hi @IzzySoft I lost the old certificate and needed to re upload the new app. I don't know where I can find that one |
|
That's sad, I was afraid this might be the cause. Is there any way we can confirm it's really you (and not just someone claiming your identity)? Unfortunately, only few of your commits are signed (and the first signed commit was after the key change), so this option is lost. |
|
@kl3jvi any answer to my question? I cannot add new releases before this issue is solved; for security reasons, at least a minimal verification is required. |
|
What verification? |
|
How can we be sure it's really you – and not someone else having somehow gotten access to your repo and added a (modified) APK? For details, please see How to keep your key safe and what measures to take for the event of loss? Do we have any way to at least have minimal verification? |
|
Lol my releases are verified u can easily check them |
|
Sorry, but I don't see any "verification" at releases, nor are the tags signed. Can you please explain? |
|
And btw, @kl3jvi – |
|
So any chance we can get that tackled, @kl3jvi – or should I rather drop your app from my repo? If we cannot even achieve a basic verification, and you never change the |
|
I will have a look into it today, as I am a bit busy at work. @IzzySoft |
|
Thanks a lot! |
|
And luckily, any day is "today" – at a given point in time 🙈 So where do we stand? |
|
OK, your app got "wiped" from the repo for the 3rd time now as the monthly update check replaced the existing I won't take the time to reset this every month – especially when it seems that a fix won't happen. So I'll now de-configure it here. There won't be any update checks anymore, and the app is no longer shipped with my repo. If you want it listed there again, you can send me a ping here once you've solved the issue (i.e. fixed the Sorry for the inconvenience, but that's the only way I currently see. Still and honest, all the best for you and your project(s)! |
Looks like the latest releases (v1.0.3 & v1.0.4) were signed with a different key:
while the versions before used
What happened to your signing key (I couldn't find any hint in the release notes either)? A changed key could mean someone hacked your repo and added modified APKs (but could not sign them with the correct key as you hopefully kept it safe).
Further,
versionCodeof your app toggles between 1 and 2 instead of being always increased with each new release, which makes updates quite difficult (and with the key changing even impossible). As the latest release (v1.0.4) just overwrote v1.0.2 (the last one with the original key) due to having the same versionCode, your app entirely disappeared from my repo now as the signing key was not accepted, so I'll have to revert back to v1.0.2 here for now until this issue is solved. I might need to disable updates entirely (they were set to monthly last November as the repo looked dormant then) if it cannot be solved until the next update check will drag in the v1.0.4 APK again, bringing us back to the current situation.The text was updated successfully, but these errors were encountered: