Provide SHA256 certificate signing hash on GitHub and website #1011
Description
Acknowledgments
Please check the following boxes with an x if they apply:
- The feature I want to propose would be useful for the majority of users, not only for me personally.
- I am aware that Transportr is mostly developed by one person in their unpaid spare time.
- I can help myself to get this feature implemented or know someone who wants to do it.
- If I want to add support for a new region or country, I checked that this is already available in public-transport-enabler and know the process described on the Transportr homepage.
Is your feature request related to a problem? Please describe.
Currently users who install the APK from GitHub have no way of knowing if the app installed is genuine or not. An easy way to confirm this is by verifying the signing certificate hash using an app like AppVerifier.
Describe the solution you'd like
Provide a SHA256 signing certificate hash on GitHub and on the website. Providing it on the website is beneficial as if GitHub is compromised and a malicious signing key is used, the attacker can simply change the signing certificate key in the README to match the malicious one, this will trick new users who install the app after this happens and assume it is genuine. The solution is to ideally post the certificate signing hash on multiple platforms.
Describe alternatives you've considered
no alternatives
Additional context
note that this is not asking for the SHA256 of the file itself as this would require continuous verification but asks for a SHA256 hash of the signing certificate which remains stable until the signing key is changed.
Example here: https://accrescent.app/faq#verifying