According to the reproducible builds definition:
A build is reproducible if given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts.
In the case of android apps, that means bit-by-bit identical APK files.
NB: APK files use the ZIP file format.
Unfortunately, embedded cryptographic signatures make it challenging to produce bit-by-bit identical APK files. There are several ways to deal with this: pasting signatures, ignoring signatures, and stripping signatures.
For example, F-Droid uses APK signature copying using apksigcopier.
Another option, harder to get right, is ignoring signatures:
A specific comparison tool can be made available that is able to compare two builds skipping the signatures. [...]
Such a tool must be very easy to audit and understand. Otherwise, it's hard to trust that the script is not ignoring bytes that would make it behave differently.
Everything but the APK Signing Block must be bit-by-bit identical for any v2/v3 APK signature to verify, whereas the old v1 (JAR) signature scheme only verifies the uncompressed contents of the ZIP entries (that are not part of the signature).
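What such a comparison tool has to do, shown as an added example (not code from the original post or from any of the projects discussed): split each APK at the APK Signing Block, then require the ZIP entries, the central directory and the EOCD record to be bit-by-bit identical, zeroing only the central directory offset, which is the one field the signing block legitimately shifts. The sample APKs and the placeholder signing block are constructed in the code.

```python
import io
import struct
import zipfile

SIG_MAGIC = b"APK Sig Block 42"  # trailing magic of the APK Signing Block, which sits just before the central directory
EOCD_MAGIC = b"PK\x05\x06"
V2_BLOCK_ID = 0x7109871A  # ID of the APK Signature Scheme v2 ID-value pair

def split_apk(data: bytes):
    """Split an APK into (ZIP entries, signing block, central directory, EOCD with CD offset zeroed).
    Assumes a non-ZIP64 archive without a ZIP comment, as real APKs are."""
    eocd_off = data.rfind(EOCD_MAGIC)
    if eocd_off < 0:
        raise ValueError("no end of central directory record")
    cd_size, cd_off = struct.unpack("<II", data[eocd_off + 12:eocd_off + 20])
    if cd_off + cd_size != eocd_off:
        raise ValueError("central directory does not end at the EOCD record")
    # The CD offset is the one EOCD field that legitimately changes when a signing block is inserted or resized.
    eocd = data[eocd_off:eocd_off + 16] + b"\x00" * 4 + data[eocd_off + 20:]
    sig_start = cd_off
    if data[cd_off - 16:cd_off] == SIG_MAGIC:
        # Block layout: size (uint64) | ID-value pairs | size (uint64) | magic; size excludes the first size field.
        (size,) = struct.unpack("<Q", data[cd_off - 24:cd_off - 16])
        sig_start = cd_off - size - 8
    return data[:sig_start], data[sig_start:cd_off], data[cd_off:eocd_off], eocd

def compare_apks(a: bytes, b: bytes) -> list:
    """Names of the parts that differ; an empty list means identical except for the signing block."""
    parts = ("zip entries", "central directory", "end of central directory")
    sa, sb = split_apk(a), split_apk(b)
    return [name for name, i in zip(parts, (0, 2, 3)) if sa[i] != sb[i]]

def make_zip(files: dict) -> bytes:
    """Constructed stand-in for an unsigned APK; ZipInfo's default 1980 timestamp keeps it deterministic."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(zipfile.ZipInfo(name), content)
    return buf.getvalue()

def add_signing_block(apk: bytes, fake_sig: bytes) -> bytes:
    """Insert a placeholder v2 signing block (constructed, not a real signature) and fix up the CD offset."""
    entries, _, cd, _ = split_apk(apk)
    eocd_off = apk.rfind(EOCD_MAGIC)
    pair = struct.pack("<QI", 4 + len(fake_sig), V2_BLOCK_ID) + fake_sig
    size = len(pair) + 8 + 16
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + SIG_MAGIC
    eocd = apk[eocd_off:eocd_off + 16] + struct.pack("<I", len(entries) + len(block)) + apk[eocd_off + 20:]
    return entries + block + cd + eocd
```

Unlike the scripts discussed below, nothing here skips META-INF/ or resources.arsc: two APKs signed with different keys compare equal, and any other byte difference is reported.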
Signal, Telegram, and Threema all claim to have reproducible builds.
NB: e.g. Element and Wire do not (claim to) have reproducible builds.
Signal uses a custom apkdiff.py script.
This script:
- has had a rather serious bug (fixed in 2016);
- seems oddly written, not exactly idiomatic Python code (e.g. use of == True);
- does not actually verify the APK files are bit-by-bit identical (apart from the signature), just that most of the files in the APK are identical;
- ignores the files META-INF/MANIFEST.MF, META-INF/SIGNAL_S.RSA, and META-INF/SIGNAL_S.SF, which is reasonable since these are the v1 (JAR) signature files;
- also ignores the file resources.arsc, because of a bug in AGP, and continues to ignore this file despite the bug having been fixed in 2019 and a comment from that same year that "We should revisit when we update", which apparently never happened despite a much newer version of AGP being used now.
Conclusion: this script does not verify the APK files are bit-by-bit identical, skips more than just the signature(s), and is thus not suitable to actually verify the build was reproducible.
Telegram uses a custom apkdiff.py script.
This script:
- has had a rather serious bug (fixed in 2020);
- seems oddly written, not exactly idiomatic Python code (e.g. use of == True, semicolons, mixes tabs and spaces);
- does not actually verify the APK files are bit-by-bit identical (apart from the signature), just that most of the files in the APK are identical;
- ignores the files META-INF/MANIFEST.MF, META-INF/CERT.RSA, and META-INF/CERT.SF, which is reasonable since these are the v1 (JAR) signature files.
Conclusion: this script does not verify the APK files are bit-by-bit identical and is thus not suitable to actually verify the build was reproducible, though at least it does not intentionally skip files not part of the signature.
Threema uses a custom verify-build.sh script.
This script:
- has some oddities (e.g. && success=1 || success=0 instead of $?), but otherwise looks fairly idiomatic;
- does not actually verify the APK files are bit-by-bit identical (apart from the signature), just that most of the files in the APK are identical;
- ignores everything in META-INF/, not just the v1 (JAR) signature files;
- also ignores the file resources.arsc (presumably because of the aforementioned bug in AGP that was fixed in 2019).
Conclusion: this script does not verify the APK files are bit-by-bit identical, skips much more than just the signature(s), and is thus not suitable to actually verify the build was reproducible.
It's quite possible these messengers actually have reproducible builds, but the verification scripts they use don't actually allow us to verify whether they do.
Published 2022-12-05, edited 2023-01-07.
Addendum: Briar is a messenger that does have reproducible builds; this has been verified by F-Droid using signature copying, with the validity of the v2 APK signature ensuring that the APKs are actually bit-by-bit identical.