Die Signatur-Problematik bei F-Droid ist offenbar noch immer nicht gelöst: “We find it concerning that F-Droid constantly chooses to move the goalposts and continues to rely on a fundamentally broken approach for certificate pinning, merely patching [15] known vulnerabilities without ever addressing the underlying cause.” 😵👇

https://github.com/obfusk/fdroid-fakesigner-poc?tab=readme-ov-file#update-2025-01-19

#fdroid #security #privacy #certpinning #signature