Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

App on Google Play can't be verified #1748

Open
Giszmo opened this issue Dec 14, 2019 · 12 comments
Open

App on Google Play can't be verified #1748

Giszmo opened this issue Dec 14, 2019 · 12 comments

Comments

@Giszmo
Copy link

Giszmo commented Dec 14, 2019

At the time of writing this article your app was not verifiable. Please help make your app verifiable for outside developers and let me know when you think it's worth reviewing your wallet again!
@Giszmo
Copy link
Author

Giszmo commented Mar 29, 2020

3.5 months later ... how is it going? No plan to make your wallet secure against the release manager being put under duress?

@trymeouteh
Copy link

+1 for making the wallet fully open source and build-able on Android. This will allow people to verify the code to ensure it is truely a private wallet and this can allow the app to be added onto F-Droid!

@paullinator
Copy link
Member

@trymeouteh Thanks for the kudos. Much appreciated

@paullinator
Copy link
Member

@Giszmo Can you more precisely specify what you are requesting with respect to the app being verifiable?

@Giszmo
Copy link
Author

Giszmo commented Jan 3, 2021

The app was reviewed more than a year ago and back then, the complaint was basically the lack of clear build instructions. If you claim the binary from Google Play can be rebuilt from the public source code, I'll happily look into this again.

Just as a quick check, I compared the version from Google Play (1.19.0) with tags here in the repo and can't find a higher tag than 1.17.5, so that to me looks like "not reproducible" is still the right verdict.

@emanuelb emanuelb mentioned this issue Apr 4, 2021
Closed
@emanuelb
Copy link

Currently use NODE_ENV="development" until issue #2611 is fixed, or the replacement needed (patch file) done in the container itself, also the below Containerfile don't run the ./scripts/updateVersion.js as explained in: (which might be needed)
https://github.com/EdgeApp/edge-react-gui#build-release-version-of-app
which will fail with: env: can't execute 'node -r sucrase/register': No such file or directory
installing the deps can be done by: yarn add disklet cleaners sucrase or npm install -g --save-dev disklet cleaners sucrase

edge-react-gui/Jenkinsfile

Line 37 in 6de5ffa

sh "npm i disklet cleaners sucrase"

just need to ensure it's found by the script when it's called.

build: podman build --pull --rm -t edge_build_2013n_apk -f ContainerFile2013
run: podman run --rm --name edge_build_2013_apk -ti edge_build_2013_apk
APK in: /home/appuser/app/edge/edge-react-gui-v.2.0.13/android/app/build/outputs/apk/release/app-release.apk

FROM frolvlad/alpine-glibc

RUN set -ex; \
    apk update; \
    apk add --no-cache \
        git \
        npm \
        yarn \
        openjdk8; \
    adduser -D appuser;

USER appuser

ENV NODE_ENV="development" \
    ANDROID_SDK_ROOT="/home/appuser/app/sdk/" \
    ANDROID_HOME="/home/appuser/app/sdk/"

RUN set -ex; \
    mkdir -p "/home/appuser/app/sdk/licenses" "/home/appuser/app/edge" "/home/appuser/app/edgeUpstreamAPK"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
    cd /home/appuser/app/edgeUpstreamAPK; \
    wget https://edge.app/app; \
    unzip app; \ 
    cd /home/appuser/app/edge/; \
    wget https://github.com/EdgeApp/edge-react-gui/archive/refs/tags/v.2.0.13.zip; \
    sha256sum v.2.0.13.zip; \
    unzip v.2.0.13.zip; \
    rm v.2.0.13.zip; \
    git clone https://github.com/EdgeApp/edge-react-gui/; \
    cd /home/appuser/app/edge/edge-react-gui/;

WORKDIR /home/appuser/app/edge/

RUN set -ex; \
    cd edge-react-gui-v.2.0.13; \
    sed -i 's/bin\/bash/bin\/sh/g' ./postinstall.sh; \
    yarn install --frozen-lockfile --ignore-optional --ignore-scripts; \
    yarn postinstall; \
    yarn prepare; \
    cp /home/appuser/app/edgeUpstreamAPK/res/raw/env.json ./env.json; \
    cd android; \
    ./gradlew assembleRelease

compared to APK from: https://edge.app/app

Files ./LocalBuild/AndroidManifest.xml and ./FromSite/AndroidManifest.xml differ
Files ./LocalBuild/assets/edge-core/plugin-bundle.js and ./FromSite/assets/edge-core/plugin-bundle.js differ
Files ./LocalBuild/assets/edge-core/plugin-bundle.js.map and ./FromSite/assets/edge-core/plugin-bundle.js.map differ
Files ./LocalBuild/assets/index.android.bundle and ./FromSite/assets/index.android.bundle differ
Files ./LocalBuild/classes2.dex and ./FromSite/classes2.dex differ
Files ./LocalBuild/classes.dex and ./FromSite/classes.dex differ
Files ./LocalBuild/lib/arm64-v8a/libcrypto_bridge.so and ./FromSite/lib/arm64-v8a/libcrypto_bridge.so differ
Files ./LocalBuild/lib/arm64-v8a/libmymonero-jni.so and ./FromSite/lib/arm64-v8a/libmymonero-jni.so differ
Files ./LocalBuild/lib/armeabi-v7a/libcrypto_bridge.so and ./FromSite/lib/armeabi-v7a/libcrypto_bridge.so differ
Files ./LocalBuild/lib/armeabi-v7a/libmymonero-jni.so and ./FromSite/lib/armeabi-v7a/libmymonero-jni.so differ
Files ./LocalBuild/lib/x86/libcrypto_bridge.so and ./FromSite/lib/x86/libcrypto_bridge.so differ
Files ./LocalBuild/lib/x86/libmymonero-jni.so and ./FromSite/lib/x86/libmymonero-jni.so differ
Files ./LocalBuild/lib/x86_64/libcrypto_bridge.so and ./FromSite/lib/x86_64/libcrypto_bridge.so differ
Files ./LocalBuild/lib/x86_64/libmymonero-jni.so and ./FromSite/lib/x86_64/libmymonero-jni.so differ
Files ./LocalBuild/META-INF/CERT.RSA and ./FromSite/META-INF/CERT.RSA differ
Files ./LocalBuild/META-INF/CERT.SF and ./FromSite/META-INF/CERT.SF differ
Files ./LocalBuild/META-INF/MANIFEST.MF and ./FromSite/META-INF/MANIFEST.MF differ
Files ./LocalBuild/resources.arsc and ./FromSite/resources.arsc differ

a diffoscope should be run on both files to see what the diffs are.

@emanuelb
Copy link

Latest version v2.12.0 can be built with Containerfile below:
build: podman build --rm -t edge_build_apk -f ContainerFileAlpine
APK in: /home/appuser/app/edge/edge-react-gui/android/app/build/outputs/apk/release/app-release.apk

FROM frolvlad/alpine-glibc

RUN set -ex; \
    apk update; \
    apk add --no-cache \
        git \
        npm \
        yarn \
        openjdk11; \
    adduser -D appuser;
    
USER appuser

ENV NODE_ENV="development" \
    ANDROID_SDK_ROOT="/home/appuser/app/sdk/" \
    ANDROID_HOME="/home/appuser/app/sdk/"

RUN set -ex; \
    mkdir -p "/home/appuser/app/sdk/licenses" "/home/appuser/app/edge" "/home/appuser/app/edgeUpstreamAPK"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
    cd /home/appuser/app/edgeUpstreamAPK; \
    wget https://edge.app/app; \
    unzip app; \ 
    cd /home/appuser/app/edge/; \
    git clone https://github.com/EdgeApp/edge-react-gui/; \
    cd /home/appuser/app/edge/edge-react-gui/;

WORKDIR /home/appuser/app/edge/

RUN set -ex; \
    cd edge-react-gui; \
    git checkout v2.12.0; \
    yarnpkg install --frozen-lockfile --ignore-optional --ignore-scripts; \
    yarnpkg prepare; \
    cp /home/appuser/app/edgeUpstreamAPK/res/raw/env.json ./env.json; \
    cd android; \
    ./gradlew assembleRelease

compared to APK from: https://edge.app/app

Files ./edgeRebuild/AndroidManifest.xml and ./edgeUpstreamAPK/AndroidManifest.xml differ
Files ./edgeRebuild/assets/index.android.bundle and ./edgeUpstreamAPK/assets/index.android.bundle differ
Files ./edgeRebuild/classes.dex and ./edgeUpstreamAPK/classes.dex differ
Files ./edgeRebuild/classes2.dex and ./edgeUpstreamAPK/classes2.dex differ
Files ./edgeRebuild/classes3.dex and ./edgeUpstreamAPK/classes3.dex differ
Files ./edgeRebuild/classes4.dex and ./edgeUpstreamAPK/classes4.dex differ
Files ./edgeRebuild/lib/arm64-v8a/libcrypto_bridge.so and ./edgeUpstreamAPK/lib/arm64-v8a/libcrypto_bridge.so differ
Files ./edgeRebuild/lib/arm64-v8a/libedge-core-jni.so and ./edgeUpstreamAPK/lib/arm64-v8a/libedge-core-jni.so differ
Files ./edgeRebuild/lib/arm64-v8a/libmymonero-jni.so and ./edgeUpstreamAPK/lib/arm64-v8a/libmymonero-jni.so differ
Files ./edgeRebuild/lib/arm64-v8a/librenderscript-toolkit.so and ./edgeUpstreamAPK/lib/arm64-v8a/librenderscript-toolkit.so differ
Files ./edgeRebuild/lib/armeabi-v7a/libcrypto_bridge.so and ./edgeUpstreamAPK/lib/armeabi-v7a/libcrypto_bridge.so differ
Files ./edgeRebuild/lib/armeabi-v7a/libedge-core-jni.so and ./edgeUpstreamAPK/lib/armeabi-v7a/libedge-core-jni.so differ
Files ./edgeRebuild/lib/armeabi-v7a/libmymonero-jni.so and ./edgeUpstreamAPK/lib/armeabi-v7a/libmymonero-jni.so differ
Files ./edgeRebuild/lib/armeabi-v7a/librenderscript-toolkit.so and ./edgeUpstreamAPK/lib/armeabi-v7a/librenderscript-toolkit.so differ
Files ./edgeRebuild/lib/x86/libcrypto_bridge.so and ./edgeUpstreamAPK/lib/x86/libcrypto_bridge.so differ
Files ./edgeRebuild/lib/x86/libedge-core-jni.so and ./edgeUpstreamAPK/lib/x86/libedge-core-jni.so differ
Files ./edgeRebuild/lib/x86/libmymonero-jni.so and ./edgeUpstreamAPK/lib/x86/libmymonero-jni.so differ
Files ./edgeRebuild/lib/x86/librenderscript-toolkit.so and ./edgeUpstreamAPK/lib/x86/librenderscript-toolkit.so differ
Files ./edgeRebuild/lib/x86_64/libcrypto_bridge.so and ./edgeUpstreamAPK/lib/x86_64/libcrypto_bridge.so differ
Files ./edgeRebuild/lib/x86_64/libedge-core-jni.so and ./edgeUpstreamAPK/lib/x86_64/libedge-core-jni.so differ
Files ./edgeRebuild/lib/x86_64/libmymonero-jni.so and ./edgeUpstreamAPK/lib/x86_64/libmymonero-jni.so differ
Files ./edgeRebuild/lib/x86_64/librenderscript-toolkit.so and ./edgeUpstreamAPK/lib/x86_64/librenderscript-toolkit.so differ
Files ./edgeRebuild/resources.arsc and ./edgeUpstreamAPK/resources.arsc differ

@Giszmo
Copy link
Author

Giszmo commented Nov 2, 2022

I tried for the latest release - 2.25.0 and failed to build from source. I used this container file:

FROM frolvlad/alpine-glibc

RUN set -ex; \
    apk update; \
    apk add --no-cache \
        git \
        npm \
        yarn \
        openjdk11; \
    adduser -D appuser;
    
USER appuser

ENV NODE_ENV="development" \
    ANDROID_SDK_ROOT="/home/appuser/app/sdk/" \
    ANDROID_HOME="/home/appuser/app/sdk/"

RUN set -ex; \
    mkdir -p "/home/appuser/app/sdk/licenses" "/home/appuser/app/edge"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
    cd /home/appuser/app/edge/; \
    git clone https://github.com/EdgeApp/edge-react-gui/; \
    cd /home/appuser/app/edge/edge-react-gui/;

WORKDIR /home/appuser/app/edge/

RUN set -ex; \
    cd edge-react-gui; \
    git checkout v2.25.0; \
    yarnpkg install --frozen-lockfile --ignore-optional --ignore-scripts; \
    yarnpkg prepare; \
    cd android; \
    ./gradlew assembleRelease

(same as Emanuel's but without the download of the app and with updated version)

and got this build error:

> Task :bugsnag_react-native:compileReleaseKotlin
w: /home/appuser/app/edge/edge-react-gui/node_modules/@bugsnag/react-native/android/src/main/java/com/bugsnag/android/BugsnagReactNative.kt: (204, 48): Elvis operator (?:) always returns the left operand of non-nullable type ReadableMap

> Task :bugsnag_react-native:javaPreCompileRelease
> Task :disklet:generateReleaseBuildConfig

> Task :bugsnag_react-native:compileReleaseJavaWithJavac FAILED
/home/appuser/app/edge/edge-react-gui/node_modules/@bugsnag/react-native/android/src/main/java/com/bugsnag/android/BugsnagPackage.java:1: error: cannot access com.bugsnag.android
package com.bugsnag.android;
^
  /home/appuser/.gradle/caches/transforms-3/db229a6e5f4fe0ba69c000c5a66ca523/transformed/swiperefreshlayout-1.0.0-api.jar: No file descriptors available
/home/appuser/app/edge/edge-react-gui/node_modules/@bugsnag/react-native/android/build/generated/source/buildConfig/release/com/bugsnag/reactnative/BuildConfig.java:4: error: cannot access com.bugsnag.reactnative
package com.bugsnag.reactnative;
^
  /home/appuser/.gradle/caches/transforms-3/db229a6e5f4fe0ba69c000c5a66ca523/transformed/swiperefreshlayout-1.0.0-api.jar: No file descriptors available
2 errors

FAILURE: Build failed with an exception.

@emanuelb
Copy link

There is a Jenkinsfile in repo that likely can be used to build the app (also looks like it used to generate the apk) https://github.com/EdgeApp/edge-react-gui/blob/67e9597452cac52aa7062126d4f2713a3120fe22/Jenkinsfile

Also app latest version 3.6.0 can be compiled with Containerfile below:

FROM frolvlad/alpine-glibc

RUN set -ex; \
    apk update; \
    apk add --no-cache \
        git \
        npm \
        yarn \
        openjdk11; \
    adduser -D appuser; \
    mkdir -p "/Users/jenkins/.jenkins/workspace/Edge_edge-react-gui_master/"; \
    chown -R appuser:appuser /Users/;
    
USER appuser

ENV NODE_ENV="development" \
    ANDROID_SDK_ROOT="/home/appuser/sdk/" \
    ANDROID_HOME="/home/appuser/sdk/" \
    AIRBITZ_API_KEY="74591cbad4a4938e0049c9d90d4e24091e0d4070" \
    BUGSNAG_API_KEY="5aca2dbe708503471d8137625e092675" \
    NODE_OPTIONS=--openssl-legacy-provider

RUN set -ex; \
    mkdir -p "/home/appuser/sdk/licenses"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/sdk/licenses/android-sdk-license"; \
    cd /Users/jenkins/.jenkins/workspace/Edge_edge-react-gui_master/; \
    git clone --branch v3.6.0 --depth 1 --no-tags --single-branch https://github.com/EdgeApp/edge-react-gui/ . ; 

WORKDIR /Users/jenkins/.jenkins/workspace/Edge_edge-react-gui_master/

RUN set -ex; \
    sed -i "s/versionCode 21000000/versionCode 23032902/g" android/app/build.gradle; \
    sed -i 's/versionName "99.99.99"/versionName "3.6.0"/g' android/app/build.gradle; \
    sed -i "s/uploadReactNativeMappings = true/uploadReactNativeMappings = false/g" android/app/build.gradle; \
    sed -i '/^\s*<\/application>\s*/i <meta-data android:name="com.bugsnag.android.BUILD_UUID" android:value="fd7bc623-0f99-40f8-b23d-527c1483d077"/>' android/app/src/main/AndroidManifest.xml; \  
    sed -i 's/BUGSNAG_API_KEY/5aca2dbe708503471d8137625e092675/g' android/app/src/main/AndroidManifest.xml; \
    yarnpkg install --frozen-lockfile --ignore-scripts; \
    yarnpkg prepare;
    sed -i 's/AIRBITZ_API_KEY": "/AIRBITZ_API_KEY": "74591cbad4a4938e0049c9d90d4e24091e0d4070/g' env.json; \
    sed -i 's/BUGSNAG_API_KEY": "/BUGSNAG_API_KEY": "5aca2dbe708503471d8137625e092675/g' env.json; \    

RUN set -ex; \    
     cd /Users/jenkins/.jenkins/workspace/Edge_edge-react-gui_master/android/;
     ./gradlew packageReleaseUniversalApk

Opened issues from comparing it to apk from website:

  1. Add static value for BUILD_UUID (or at least declare it) in AndroidManifest to avoid ordering differences Add static value for com.bugsnag.android.BUILD_UUID to AndroidManifest.xml #4145
  2. Static versionCode & versionName instead of updated for each tag Static versionCode & versionName instead of updated for each tag #4146

There more investigation that need to be done on the diff to figure what should be changed in the build script.

@Giszmo
Copy link
Author

Giszmo commented Nov 2, 2023
edited
Loading

I just tried to reproduce version 3.20.0 and got a huge diff. The bugsnag api key is needed when using the build instructions for an Android release with ./gradlew assembleRelease and as I'm reluctant to apply it to fix the failed upload to Edge's bugsnag account, I'm using ./gradlew packageReleaseUniversalApk which doesn't error out on a missing api key.

The api keys kind of floating around like they do while the app is not reproducible is unfortunate and I would really appreciate if you could provide a non-default branch for reproducibility that actually contains the api keys.

@Sami32 Sami32 mentioned this issue Apr 28, 2024
Closed
@xrviv
Copy link

xrviv commented Jul 26, 2024
edited
Loading

Hello team Edge. Danny here from @WalletScrutiny

I was able to build the app version 4.8.0 using this dockerfile:

# Builds 4.8.0
# docker build -t edgeapp-build -f co.edgesecure.app.dockerfile
# docker run -d --name edgeapp-container edgeapp-build
# docker cp edgeapp-container:/home/appuser/output/app-release-universal.apk ./
FROM eclipse-temurin:17-jdk-jammy

ENV ANDROID_HOME="/opt/android-sdk" \
    ANDROID_SDK_ROOT="/opt/android-sdk" \
    PATH="${PATH}:/opt/android-sdk/cmdline-tools/latest/bin:/opt/android-sdk/platform-tools"

# Install Node.js 18.x and Yarn
RUN apt-get update && apt-get install -y \
    git \
    wget \
    unzip \
    curl \
    && curl -fsSL https://deb.nodesource.com/setup_18.x | bash - \
    && apt-get install -y nodejs \
    && npm install -g yarn \
    && rm -rf /var/lib/apt/lists/*

RUN mkdir -p ${ANDROID_HOME}/cmdline-tools && \
    wget -q https://dl.google.com/android/repository/commandlinetools-linux-8512546_latest.zip && \
    unzip -q commandlinetools-linux-8512546_latest.zip -d ${ANDROID_HOME}/cmdline-tools && \
    mv ${ANDROID_HOME}/cmdline-tools/cmdline-tools ${ANDROID_HOME}/cmdline-tools/latest && \
    rm commandlinetools-linux-8512546_latest.zip

RUN yes | sdkmanager --licenses && \
    sdkmanager "platform-tools" "platforms;android-33" "build-tools;33.0.0" "ndk;25.1.8937393"

RUN adduser --disabled-password --gecos '' appuser

# Give appuser write permissions to the Android SDK directory
RUN chown -R appuser:appuser ${ANDROID_HOME} && \
    chmod -R 755 ${ANDROID_HOME}

USER appuser

WORKDIR /home/appuser

ENV NODE_ENV="development" \
    AIRBITZ_API_KEY="74591cbad4a4938e0049c9d90d4e24091e0d4070" \
    BUGSNAG_API_KEY="5aca2dbe708503471d8137625e092675"

RUN mkdir edge-react-gui && \
    cd edge-react-gui && \
    git clone --branch v4.8.0 --depth 1 --no-tags --single-branch https://github.com/EdgeApp/edge-react-gui/ .

WORKDIR /home/appuser/edge-react-gui

RUN sed -i "s/versionCode 21000000/versionCode 24062402/g" android/app/build.gradle && \
    sed -i 's/versionName "99.99.99"/versionName "4.8.0"/g' android/app/build.gradle && \
    sed -i "s/uploadReactNativeMappings = true/uploadReactNativeMappings = false/g" android/app/build.gradle && \
    sed -i '/^\s*<\/application>\s*/i <meta-data android:name="com.bugsnag.android.BUILD_UUID" android:value="fd7bc623-0f99-40f8-b23d-527c1483d077"/>' android/app/src/main/AndroidManifest.xml && \
    sed -i 's/BUGSNAG_API_KEY/5aca2dbe708503471d8137625e092675/g' android/app/src/main/AndroidManifest.xml

# Debugging steps
RUN node --version && npm --version && yarn --version
RUN cat package.json
RUN yarn install || (echo "Yarn install failed" && cat yarn-error.log && exit 1)
RUN yarn prepare || (echo "Yarn prepare failed" && exit 1)
RUN sed -i 's/AIRBITZ_API_KEY": "/AIRBITZ_API_KEY": "74591cbad4a4938e0049c9d90d4e24091e0d4070/g' env.json && \
    sed -i 's/BUGSNAG_API_KEY": "/BUGSNAG_API_KEY": "5aca2dbe708503471d8137625e092675/g' env.json

# Remove the package attribute only from the main app's AndroidManifest.xml
RUN sed -i 's/package="[^"]*"//g' android/app/src/main/AndroidManifest.xml
WORKDIR /home/appuser/edge-react-gui/android

# Debug React Native CLI
RUN node /home/appuser/edge-react-gui/node_modules/@react-native-community/cli/build/bin.js config
RUN ./gradlew packageReleaseUniversalApk

# Find and copy the APK to a known location
RUN mkdir -p /home/appuser/output && \
    find /home/appuser/edge-react-gui -name "*release*.apk" -exec cp {} /home/appuser/output/ \; && \
    ls -l /home/appuser/output

# Set the working directory to where the APK is located
WORKDIR /home/appuser/output

# This command will keep the container running
CMD ["tail", "-f", "/dev/null"]

Further notes on how I did it exactly could be found in the walletscrutiny MR

Unfortunately, I found app version 4.8.0 nonverifiable due to the following diffs:

$ diff -r built official/
    Binary files built/AndroidManifest.xml and official/AndroidManifest.xml differ
    Binary files built/assets/dexopt/baseline.prof and official/assets/dexopt/baseline.prof differ
    Binary files built/assets/dexopt/baseline.profm and official/assets/dexopt/baseline.profm differ
    Binary files built/assets/index.android.bundle and official/assets/index.android.bundle differ
    diff -r built/assets/sentry-debug-meta.properties official/assets/sentry-debug-meta.properties
    2c2,3
    < #Fri Jul 19 08:33:47 UTC 2024
    ---
    > #Mon Jun 24 19:12:34 PDT 2024
    > io.sentry.bundle-ids=a7dbdc5d-ac94-4540-92de-097feba6c718
    Binary files built/classes2.dex and official/classes2.dex differ
    Binary files built/classes3.dex and official/classes3.dex differ
    Binary files built/classes4.dex and official/classes4.dex differ
    Binary files built/classes.dex and official/classes.dex differ
    Binary files built/lib/arm64-v8a/libedge-core-jni.so and official/lib/arm64-v8a/libedge-core-jni.so differ
    Binary files built/lib/arm64-v8a/libexpo-modules-core.so and official/lib/arm64-v8a/libexpo-modules-core.so differ
    Binary files built/lib/arm64-v8a/libmymonero-jni.so and official/lib/arm64-v8a/libmymonero-jni.so differ
    Binary files built/lib/arm64-v8a/libreanimated.so and official/lib/arm64-v8a/libreanimated.so differ
    Binary files built/lib/arm64-v8a/librnscreens.so and official/lib/arm64-v8a/librnscreens.so differ
    Binary files built/lib/armeabi-v7a/libedge-core-jni.so and official/lib/armeabi-v7a/libedge-core-jni.so differ
    Binary files built/lib/armeabi-v7a/libexpo-modules-core.so and official/lib/armeabi-v7a/libexpo-modules-core.so differ
    Binary files built/lib/armeabi-v7a/libmymonero-jni.so and official/lib/armeabi-v7a/libmymonero-jni.so differ
    Binary files built/lib/armeabi-v7a/libreanimated.so and official/lib/armeabi-v7a/libreanimated.so differ
    Binary files built/lib/armeabi-v7a/librnscreens.so and official/lib/armeabi-v7a/librnscreens.so differ
    Binary files built/lib/x86/libedge-core-jni.so and official/lib/x86/libedge-core-jni.so differ
    Binary files built/lib/x86/libexpo-modules-core.so and official/lib/x86/libexpo-modules-core.so differ
    Binary files built/lib/x86/libmymonero-jni.so and official/lib/x86/libmymonero-jni.so differ
    Binary files built/lib/x86/libreanimated.so and official/lib/x86/libreanimated.so differ
    Binary files built/lib/x86/librnscreens.so and official/lib/x86/librnscreens.so differ
    Binary files built/lib/x86_64/libedge-core-jni.so and official/lib/x86_64/libedge-core-jni.so differ
    Binary files built/lib/x86_64/libexpo-modules-core.so and official/lib/x86_64/libexpo-modules-core.so differ
    Binary files built/lib/x86_64/libmymonero-jni.so and official/lib/x86_64/libmymonero-jni.so differ
    Binary files built/lib/x86_64/libreanimated.so and official/lib/x86_64/libreanimated.so differ
    Binary files built/lib/x86_64/librnscreens.so and official/lib/x86_64/librnscreens.so differ
    Binary files built/resources.arsc and official/resources.arsc differ
    ```
    
    Your feedback is graciously appreciated!

@keraliss
Copy link

Hi, keraliss from walletscrutiny here. we tested the reproducability of your wallet and found this -

===== Begin Results =====
appId:          co.edgesecure.app
signer:         8cd6a12e3dc595964fabcbe82341e28f4a2a4ac6a347fcbead488b76faa7e186
apkVersionName: 4.15.0
apkVersionCode: 24101602
verdict:        
appHash:        66342d9ece392d2245abc2ff175ffdb6d800fa3d0b659eb6b62f888e041dab7e
commit:         e0c4a35df1d71c89e2242e0d57454775870ac454

Diff:
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/app.config and /tmp/fromBuild_co.edgesecure.app_24101602/assets/app.config differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/dexopt/baseline.prof and /tmp/fromBuild_co.edgesecure.app_24101602/assets/dexopt/baseline.prof differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/dexopt/baseline.profm and /tmp/fromBuild_co.edgesecure.app_24101602/assets/dexopt/baseline.profm differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-core/plugin-bundle.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-core/plugin-bundle.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-core-js/edge-core.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-core-js/edge-core.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-core-js/edge-core.js.map and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-core-js/edge-core.js.map differ
Only in /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased: 2963.chunk.js
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/4163.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/4163.chunk.js differ
Only in /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased: 4580.chunk.js
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/5870.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/5870.chunk.js differ
Only in /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased: 597.chunk.js
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/6271.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/6271.chunk.js differ
Only in /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased: 6845.chunk.js
Only in /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased: 780.chunk.js
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/8330.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/8330.chunk.js differ
Only in /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased: 9119.chunk.js
Only in /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased: 9228.chunk.js
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/algorand.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/algorand.chunk.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/axelar.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/axelar.chunk.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/cardano.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/cardano.chunk.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/edge-currency-accountbased.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/edge-currency-accountbased.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/ethereum.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/ethereum.chunk.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/fio.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/fio.chunk.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/hedera.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/hedera.chunk.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/polkadot.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/polkadot.chunk.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/ripple.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/ripple.chunk.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/solana.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/solana.chunk.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-accountbased/zcash.chunk.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-accountbased/zcash.chunk.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-currency-plugins/edge-currency-plugins.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-currency-plugins/edge-currency-plugins.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/edge-exchange-plugins/edge-exchange-plugins.js and /tmp/fromBuild_co.edgesecure.app_24101602/assets/edge-exchange-plugins/edge-exchange-plugins.js differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/index.android.bundle and /tmp/fromBuild_co.edgesecure.app_24101602/assets/index.android.bundle differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/sentry-debug-meta.properties and /tmp/fromBuild_co.edgesecure.app_24101602/assets/sentry-debug-meta.properties differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/assets/sentry-external-modules.txt and /tmp/fromBuild_co.edgesecure.app_24101602/assets/sentry-external-modules.txt differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/classes2.dex and /tmp/fromBuild_co.edgesecure.app_24101602/classes2.dex differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/classes3.dex and /tmp/fromBuild_co.edgesecure.app_24101602/classes3.dex differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/classes4.dex and /tmp/fromBuild_co.edgesecure.app_24101602/classes4.dex differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/classes5.dex and /tmp/fromBuild_co.edgesecure.app_24101602/classes5.dex differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/classes.dex and /tmp/fromBuild_co.edgesecure.app_24101602/classes.dex differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/DebugProbesKt.bin and /tmp/fromBuild_co.edgesecure.app_24101602/DebugProbesKt.bin differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/arm64-v8a/libedge-core-jni.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/arm64-v8a/libedge-core-jni.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/arm64-v8a/libexpo-modules-core.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/arm64-v8a/libexpo-modules-core.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/arm64-v8a/libmymonero-jni.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/arm64-v8a/libmymonero-jni.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/arm64-v8a/libreanimated.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/arm64-v8a/libreanimated.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/arm64-v8a/librnscreens.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/arm64-v8a/librnscreens.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/arm64-v8a/libsentry-android.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/arm64-v8a/libsentry-android.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/arm64-v8a/libsentry.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/arm64-v8a/libsentry.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/arm64-v8a/libzcashwalletsdk.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/arm64-v8a/libzcashwalletsdk.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/armeabi-v7a/libedge-core-jni.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/armeabi-v7a/libedge-core-jni.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/armeabi-v7a/libexpo-modules-core.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/armeabi-v7a/libexpo-modules-core.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/armeabi-v7a/libmymonero-jni.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/armeabi-v7a/libmymonero-jni.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/armeabi-v7a/libreanimated.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/armeabi-v7a/libreanimated.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/armeabi-v7a/librnscreens.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/armeabi-v7a/librnscreens.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/armeabi-v7a/libsentry-android.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/armeabi-v7a/libsentry-android.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/armeabi-v7a/libsentry.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/armeabi-v7a/libsentry.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/armeabi-v7a/libzcashwalletsdk.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/armeabi-v7a/libzcashwalletsdk.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86/libedge-core-jni.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86/libedge-core-jni.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86/libexpo-modules-core.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86/libexpo-modules-core.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86/libmymonero-jni.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86/libmymonero-jni.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86/libreanimated.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86/libreanimated.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86/librnscreens.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86/librnscreens.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86/libsentry-android.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86/libsentry-android.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86/libsentry.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86/libsentry.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86/libzcashwalletsdk.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86/libzcashwalletsdk.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86_64/libedge-core-jni.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86_64/libedge-core-jni.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86_64/libexpo-modules-core.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86_64/libexpo-modules-core.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86_64/libmymonero-jni.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86_64/libmymonero-jni.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86_64/libreanimated.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86_64/libreanimated.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86_64/librnscreens.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86_64/librnscreens.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86_64/libsentry-android.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86_64/libsentry-android.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86_64/libsentry.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86_64/libsentry.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/lib/x86_64/libzcashwalletsdk.so and /tmp/fromBuild_co.edgesecure.app_24101602/lib/x86_64/libzcashwalletsdk.so differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/androidx.core_core-ktx.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/androidx.core_core-ktx.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/androidx.core_core.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/androidx.core_core.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-livedata-core-ktx.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-livedata-core-ktx.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-livedata-core.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-livedata-core.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-livedata.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-livedata.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-process.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-process.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-runtime-ktx.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-runtime-ktx.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-runtime.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-runtime.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-service.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-service.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-viewmodel-ktx.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-viewmodel-ktx.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-viewmodel-savedstate.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-viewmodel-savedstate.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-viewmodel.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/androidx.lifecycle_lifecycle-viewmodel.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/kotlinx_coroutines_android.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/kotlinx_coroutines_android.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/kotlinx_coroutines_core.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/kotlinx_coroutines_core.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/kotlinx_coroutines_play_services.version and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/kotlinx_coroutines_play_services.version differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/META-INF/services/io.grpc.LoadBalancerProvider and /tmp/fromBuild_co.edgesecure.app_24101602/META-INF/services/io.grpc.LoadBalancerProvider differ
Files /tmp/fromPlay_co.edgesecure.app_24101602/resources.arsc and /tmp/fromBuild_co.edgesecure.app_24101602/resources.arsc differ

Revision, tag (and its signature):

===== End Results =====

there were also 500+ lines of diff including json, xml and png files. would be great if you can look into it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@Giszmo @emanuelb @paullinator @trymeouteh @xrviv @keraliss