
Ask HN: Is it possible to verify the source used to compile a mobile app?

1 points| thetopher | 2 years ago

Let’s use Signal as an example. How confident can I really be that the app I’m getting from the App Store was built using the code that I see in GitHub?

It would be fantastic if Apple & Google gave developers the option of having their source code securely hosted and linked to from an app’s product page. Or at least some kind of cryptographic signature (a simple hash digest?) that could be used to foster more confidence.

I’m not an app developer, and my simple Google searching hasn’t come up with a satisfying answer.

1 comment


pvg|2 years ago

The Google search term you want is "reproducible builds", which will give you some idea of the technical approaches to that sort of thing.