android: update p4a ref

- to include d4432ec8d0 see https://github.com/spesmilo/electrum/issues/9215#issuecomment-2403072217 - and add a fixme to revisit apkdiff re horrors beyond my comprehension
2024-10-10 18:39:42 +00:00
parent 5da46e9087
commit af18df10f6
2 changed files with 9 additions and 1 deletions
--- a/contrib/android/Dockerfile
+++ b/contrib/android/Dockerfile
@@ -190,7 +190,7 @@ RUN cd /opt \
    && /opt/venv/bin/python3 -m pip install --no-build-isolation --no-dependencies -e .

 # install python-for-android
-ENV P4A_CHECKOUT_COMMIT="7197c1c28409fbeebd8494093349a2bfd770526a"
+ENV P4A_CHECKOUT_COMMIT="d4432ec8d07b8521465d6daddd55046fc0413599"
 # ^ from branch electrum_20240930 (note: careful with force-pushing! see #8162)
 RUN cd /opt \
    && git clone https://github.com/spesmilo/python-for-android \
--- a/contrib/android/apkdiff.py
+++ b/contrib/android/apkdiff.py
@@ -4,6 +4,14 @@
 import sys
 from zipfile import ZipFile

+
+# FIXME it is possible to hide data in the apk signing block - and then the application
+#       can introspect itself at runtime and access that, even execute it as code... :/
+#       see https://source.android.com/docs/security/features/apksigning/v2#apk-signing-block
+#           https://android.izzysoft.de/articles/named/iod-scan-apkchecks
+#           https://github.com/obfusk/sigblock-code-poc
+#       I think if the app did this kind of introspection, that should be caught by code review,
+#       but still, note that with this current diff script it is possible to smuggle data in the apk.
 class ApkDiff:
    IGNORE_FILES = ["META-INF/MANIFEST.MF", "META-INF/CERT.RSA", "META-INF/CERT.SF"]