-
a9a0cbcf · gitlab-ci: update to current OTA ZIP version to fix tests
- ... and 1 more commit. Compare 58ba588e...a9a0cbcf
Maybe the issue is that a vendor might include a carrier-signed app and then the carrier releases a new version adding more permissions. They talk ...
It seems like it's only for priv-app though, not platform apps, so I have no idea what the goal is supposed to be. I just dealt with it to make the...
I don't know why they added it. Maybe it helps in the case where the permissions are tied to signatures and a platform app is removed from the OS (...
-
58ba588e · Merge branch 'whitelist' into 'master'
- ... and 1 more commit. Compare 914a77e3...58ba588e
Looks good....
Signing / verifying using the AOSP test keys has no security value, the keys are public. Those aren't for production usage, they're replaced as par...
@cde, did you use official TWRP build to check that it accepts AOSP's testkey? I suspect it was a homemade build that wasn't properly signed.
So should we sign this OTA ZIP with the AOSP test key? Seems like a weak signature check would be better than nothing, provided it works seamlessly.