如何确保 Android 应用程序确实是从所述源代码编译的?

发布于 2024-09-07 04:30:26 字数 431 浏览 10 评论 0原文

很多Android应用程序都是开源的,但是我们如何确保最终上传到Google Market的人在上传之前不会包含一些间谍软件呢?

背景:移动应用程序安全似乎越来越令人担忧,我我想让我的开源 Android 应用程序的用户放心。需要修改部署过程或应用程序内容的解决方案也是可以接受的。

2012 更新: 这是朝着正确的方向发展:http://f-droid.org / 他们检查应用程序并将其编译成他们分发的 APK。话虽这么说,我会更信任他们 如果他们是 Mozilla 或 Apache...

A lot of Android apps are open source, but how can we make sure the person who finally uploads to the Google Market does not include some spyware just before uploading?

Background: Mobile apps security seems to be a growing concern, and I would like to reassure the users of my Open Source Android app. Solutions that require to modify the deployment process or application content are acceptable too.

2012 update: This is going in the right direction: http://f-droid.org/ They check the apps and compile them into APKs that they distribute. That being said, I would trust them more
if they were Mozilla or Apache...

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

西瓜 2024-09-14 04:30:26

看看 https: //stackoverflow.com/questions/249106/how-can-you-give-users-confidence-that-your-application-has-no-malicious-intent 了解一些相关信息。

您当然可以获取源代码并自己构建/编译它,并将生成的二进制文件与上传的二进制文件进行比较,但这在某种程度上违背了二进制分发的目的。如果源代码确实包含恶意代码,它仍然无济于事。或者也许构建一个安全的,即可信的参考二进制文件,然后发布校验和进行比较?

除此之外,这个问题确实不是开源软件特有的。最终,这一切都归结为信任。

Take a look at https://stackoverflow.com/questions/249106/how-can-you-give-users-confidence-that-your-application-has-no-malicious-intent for some related information.

You could of course take the source and build/compile it yourself and compare the resulting binary to the uploaded one, but this somehow defeats the purpose of binary distribution. And it still wouldn't help in cases where the source code does contain malicious code. Or maybe build a safe, i.e. trusted reference binary and then publish the checksum for comparison?

Apart from that, this problem really is not specific to open source software. In the end, it all boils down to trust.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文