Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Tor Browser Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 834
    • Issues 834
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 5
    • Merge requests 5
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor BrowserTor Browser
  • Issues
  • #40179
Closed
Open
Issue created Oct 07, 2020 by Matthew Finkel@sysrqb

Investigate unsigned kotlin_module files

$ apksigner verify --print-certs --verbose tor-browser-tbb-nightly.2020.10.07-android-x86-multi.apk
Verifies
[...]
WARNING: META-INF/activity-ktx_release.kotlin_module not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.activity_activity-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.activity_activity.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.appcompat_appcompat-resources.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.appcompat_appcompat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.arch.core_core-runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.asynclayoutinflater_asynclayoutinflater.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.biometric_biometric.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.browser_browser.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.cardview_cardview.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.coordinatorlayout_coordinatorlayout.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.

Indeed, the apk contains:

$ unzip -l tor-browser-tbb-nightly.2020.10.07-android-x86-multi.apk
[...]
       89  1970-01-01 00:00   META-INF/activity-ktx_release.kotlin_module
        6  1970-01-01 00:00   META-INF/androidx.activity_activity-ktx.version
        6  1970-01-01 00:00   META-INF/androidx.activity_activity.version
       11  1970-01-01 00:00   META-INF/androidx.appcompat_appcompat-resources.version
       11  1970-01-01 00:00   META-INF/androidx.appcompat_appcompat.version
        6  1970-01-01 00:00   META-INF/androidx.arch.core_core-runtime.version
        6  1970-01-01 00:00   META-INF/androidx.asynclayoutinflater_asynclayoutinflater.version
       14  1970-01-01 00:00   META-INF/androidx.biometric_biometric.version
        6  1970-01-01 00:00   META-INF/androidx.browser_browser.version
        6  1970-01-01 00:00   META-INF/androidx.cardview_cardview.version
        6  1970-01-01 00:00   META-INF/androidx.coordinatorlayout_coordinatorlayout.version
[...]
$ unzip -l tor-browser-tbb-nightly.2020.10.07-android-x86-multi-qa.apk | grep -c 'META-INF/[a-z_-]*.kotlin_module'
113
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking