Die Signatur-Problematik bei F-Droid ist offenbar noch immer nicht gelöst: "We find it concerning that F-Droid constantly chooses to move the goalposts and continues to rely on a fundamentally broken approach for certificate pinning, merely patching [15] known vulnerabilities without ever addressing the underlying cause." 😵👇
https://github.com/obfusk/fdroid-fakesigner-poc?tab=readme-ov-file#update-2025-01-19
#fdroid #security #privacy #certpinning #signature
Kuketz-Blog 🛡
npub1g6…s4s5g
2025-01-21 20:28:55 UTC
Author Public Key
npub1g6jqsae3maecf4vsseusdd2khzcl0z5tvnluwl5amjhd96k2gz8qrs4s5gPublished at
2025-01-21 20:28:55 UTCEvent JSON
{
"id": "049d1bc7cb650fad7b758fb37c0c0b8d29659dcc57437fd921c93e5ec4f0db0f",
"pubkey": "46a4087731df7384d590867906b556b8b1f78a8b64ffc77e9ddcaed2eaca408e",
"created_at": 1737491335,
"kind": 1,
"tags": [
[
"t",
"certpinning"
],
[
"t",
"fdroid"
],
[
"t",
"security"
],
[
"t",
"signature"
],
[
"t",
"privacy"
],
[
"proxy",
"https://social.tchncs.de/@kuketzblog/113868232177058622",
"web"
],
[
"proxy",
"https://social.tchncs.de/users/kuketzblog/statuses/113868232177058622",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://social.tchncs.de/users/kuketzblog/statuses/113868232177058622",
"pink.momostr"
],
[
"-"
]
],
"content": "Die Signatur-Problematik bei F-Droid ist offenbar noch immer nicht gelöst: \"We find it concerning that F-Droid constantly chooses to move the goalposts and continues to rely on a fundamentally broken approach for certificate pinning, merely patching [15] known vulnerabilities without ever addressing the underlying cause.\" 😵👇\n\nhttps://github.com/obfusk/fdroid-fakesigner-poc?tab=readme-ov-file#update-2025-01-19\n\n#fdroid #security #privacy #certpinning #signature",
"sig": "1d61fee5daf5472f38089f4411e29e1469e302d855d5eba68758ece3eb6ac1a45d3ea8e3b3e5489f2748f12ac8cdb06c419ccb1cc721a56e0c727de495baacf4"
}