top | item 37839747 Obtainium – Get Android App Updates Directly from the Source 2 points| gray_charger | 2 years ago |github.com 5 comments order hn newest ggm|2 years ago hmmm. mediated access. how do I know to trust the hash checksum checks? Feels like it requires an independent tool to verify what I should get and what I do get because .. trust isn't transitive through a proxy. westurner|2 years ago There could be asset hashes in sigstore: https://sigstore.dev/Is there a good way to run native mobile app GUI tests with GitHub Actions?A VM/container emulator like anbox, waydroid, (or all of ChromeOS Flex in KVM) in a GitHub Action is probably enough to run GUI tests?A SLSA builder for Android apps would be good: "Build your own SLSA 3+ provenance builder on GitHub Actions" https://slsa.dev/blog/2023/08/bring-your-own-builder-githubFWIU e.g. Fdroid does not do SafetyNet-like SAST scans of APKs. load replies (1) jqpabc123|2 years ago So I guess the world of apps has come full circle --- from direct download to app store extortion back to direct download.
ggm|2 years ago hmmm. mediated access. how do I know to trust the hash checksum checks? Feels like it requires an independent tool to verify what I should get and what I do get because .. trust isn't transitive through a proxy. westurner|2 years ago There could be asset hashes in sigstore: https://sigstore.dev/Is there a good way to run native mobile app GUI tests with GitHub Actions?A VM/container emulator like anbox, waydroid, (or all of ChromeOS Flex in KVM) in a GitHub Action is probably enough to run GUI tests?A SLSA builder for Android apps would be good: "Build your own SLSA 3+ provenance builder on GitHub Actions" https://slsa.dev/blog/2023/08/bring-your-own-builder-githubFWIU e.g. Fdroid does not do SafetyNet-like SAST scans of APKs. load replies (1)
westurner|2 years ago There could be asset hashes in sigstore: https://sigstore.dev/Is there a good way to run native mobile app GUI tests with GitHub Actions?A VM/container emulator like anbox, waydroid, (or all of ChromeOS Flex in KVM) in a GitHub Action is probably enough to run GUI tests?A SLSA builder for Android apps would be good: "Build your own SLSA 3+ provenance builder on GitHub Actions" https://slsa.dev/blog/2023/08/bring-your-own-builder-githubFWIU e.g. Fdroid does not do SafetyNet-like SAST scans of APKs. load replies (1)
jqpabc123|2 years ago So I guess the world of apps has come full circle --- from direct download to app store extortion back to direct download.
ggm|2 years ago
westurner|2 years ago
Is there a good way to run native mobile app GUI tests with GitHub Actions?
A VM/container emulator like anbox, waydroid, (or all of ChromeOS Flex in KVM) in a GitHub Action is probably enough to run GUI tests?
A SLSA builder for Android apps would be good: "Build your own SLSA 3+ provenance builder on GitHub Actions" https://slsa.dev/blog/2023/08/bring-your-own-builder-github
FWIU e.g. Fdroid does not do SafetyNet-like SAST scans of APKs.
jqpabc123|2 years ago