signing options #269
Description
I just found the release (didn't you want to ping me when the next app is available, @naveensingh?) – great, so I can include phone with my repo as well! However, the pre-inclusion scan brought up this:
SigningBlock blobs:
-------------------
0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)
Not sure how you sign your APKs, but my guess is AndroidStudio, which includes that blob by default. I've heard there's an option to disable that; alternatively, signing with apksigner avoids this as well.
You can find some background on that dependency info block (and other blobs in signing blocks) here, I'll hopefully set up a proper documentation soon. In short, this is supposed to be just the dependency tree in binary form, but it's encrypted so no one but Google can really read it. As one could even hide payload in such blobs (details behind my link), it's better avoided.
No pressure, no ultimatum or whatever – this is just a hint. And it most likely affects the builds of your other apps as well. This additional check was just included with my repo yesterday, and only with the pre-inclusion checks for now, which is why it didn't show up earlier with any app.
Thanks for checking, evaluating – and hopefully, adjusting 😉
PS: May I ask why phone requires android.permission.WRITE_EXTERNAL_STORAGE? Minimum Android version is 6, so I guess you're using SAF for file system access when needed?
(Going live with the next sync around 7 pm UTC – and for formatting of the description, I already gave you the hint for HTML; again please let me know when you switch to that so I adjust my updater accordingly)