android - How can I know if provided source code was used to build APK?
tl;dr: I'm wondering if there's any way for me to ensure that the source code I (re)viewed on GitHub for an open-source project was actually used to build the APK I'm downloading from Google Play.
Let's say I want to find an app for encrypting files on my local Android device. There are several apps available when googling, many of them open-source. I'm going to encrypt sensitive information, so I'd like to ensure it's done correctly (and without bad intent), and I review the source code of the app. It looks okay, so I download the app from Google Play and start using it.
If the developer of the app wanted to, they could modify the source code offline (in a "private build step", say), inject whatever they want (send unencrypted file content somewhere, fake-encrypt files, whatever), build the APK, and upload that APK to Google Play instead.
Is there any way to verify that the APK came from the source code?