android-app icon indicating copy to clipboard operation
android-app copied to clipboard

Published 20 hours ago verified publisher icon ProtonVPN

Signature mismatch between the Google Play, Github and F-Droid APK

Open carlosjeurissen opened this issue 3 years ago • 3 comments
trafficstars

It seems the app signature is different between the different distribution channels for Proton VPN. This prevents users from updating their app without loosing their data if they change distribution channels.

The build number is also inconsistent, see: https://github.com/ProtonVPN/android-app/issues/86

carlosjeurissen avatar May 30 '22 14:05 carlosjeurissen

The F-Droid version is built by F-Droid and thus cannot have the same signature.

qoheniac avatar Jun 15 '22 14:06 qoheniac

Play Store may also be using Play Signing, in which case Google are re-signing with different keys after the fact.

ghost avatar Jun 16 '22 14:06 ghost

This is not a bug. They are built and signed differently per-store.

waltercool avatar Aug 11 '22 19:08 waltercool

All builds apart from from f-droid (which is build not by Proton but f-droid) use the same certificate with fingerprint: DC:C9:43:9E:C1:A6:C6:A8:D0:20:3F:34:23:EE:42:BC:C8:B9:70:62:8E:53:CB:73:A0:39:3F:39:8D:D5:B8:53. Switching between f-droid and other channels is indeed not possible.

mateusz-markowicz avatar Oct 25 '22 16:10 mateusz-markowicz