@eighthave@fdroidorg and I am very happy having @obfusk and @SylvieLorxu supporting me and the #IzzySoftRepo – I couldn't think of anyone better. And haven't heard of anyone better known in the area of this and also of reproducible builds than Fay, or anyone who can hold a candle to Sylvia. Yes, both mostly worked in the background – but I guess you already got a clue what F-Droid lost having them leave.
This release adds support for finding barcodes in PDF files[1] and dealing with multiple barcodes. It also properly colours the status bar during usage now.
As always, it's available on #GitHub, will soon be available on #IzzyOnDroid and will slowly roll out to other app stores.
You've read about F-Droid's #reproducibleBuilds recently? Now, the #IzzySoftRepo repo makes use of that implementation. How, you ask?
Well: part of the process is to compare APKs and make sure they carry the signature of their authors. That's done by fdroidserver whenever the YAML file of an app has "AllowedAPKSigningKeys:" defined. APKs with not-matching signatures are rejected. That's used by my repo now to make sure updates are "legit" (and not placed to the repo by a malicious actor). (1/4)
🇺🇸 I've told you about additional APK checks having been implemented at the #IzzySoftRepo in January. Now finally I found the time to complete the article explaining the details, so you might wish to take a look at "Ramping up security: additional APK checks are in place with the IzzyOnDroid repo":
Today is the first time I had to remove an app from the #IzzySoftRepo for potential security risks: author changed the signing key (happens a lot they lose it, unfortunately) – and instead of explaining what happened, simply deleted the issue where I reported it. So I must assume that repo was either compromised – or the author is not interested in security.
It should be safe to use my repo, so I had to remove that app (the "insecure" APK never went live here thanks to security checks).
I've already told you about the additional APK checks now performed in my repo, and that you can find the first summary of explanations in the repo info (https://apt.izzysoft.de/fdroid/index/info#manifest).
Now the results of those checks on app permissions are being made transparent to you if you expand the permission section for an app. Not seen in the screenshots: on mouseover you now will get a short explanation for each permission.
NextTraceroute: traceroute app using Nexttrace API
Raise To Answer: simply hold your phone to your ear to answer an incoming call
Though Raise to Answer is a 1 year old release, it comes from the wonderful @SylvieLorxu who also brought you Catima, so it must be great! And an update is on its way.
The #IzzySoftRepo (better known as #IzzyOnDroid – so I'll probably use that hashtag in the future) is used from all over the world, as this graph from GoAccess web statistics shows. Almost no country where it's not in use. I could only spot 3 small gray areas where no requests originated from.
I'm glad being able to help people from all over the world to get their #free and #OpenSource#Android#apps – and hope you enjoy them, too! :awesome:
Though a full scan of the repo hasn't brought up a single affected APK, that doesn't mean any such cannot show up later – so better safe than sorry, right?