diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2023-04-04 12:52:18 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2023-04-05 13:54:23 +0200 |
commit | dc1860c74dd67e18a66fe9e243eeffa689bef043 (patch) | |
tree | 869afdb86b3a3e853ca4b9a102f6111038f64211 | |
parent | 6209d3ee3dd29dfabab8b3d49908fa59b4b91714 (diff) |
ui: distinguish play store installs at runtime for reproducible builds
This change lets us use the same build for F-Droid, Play Store, self
builds, and elsewhere, which makes everything more easily publicly
verifiable, since the build system is reproducible. That means that all
APKs will have the same code and be completely interchangeable, no
matter where they come from.
It does this by removing the build-time branch for special Play Store
builds, and replacing it with a simple runtime check using the
PackageManager APIs that return the name of the installer. If the app is
installed by "com.android.vending", then it's a Play Store install.
It's possible to test this with:
$ pm install -i com.android.vending path/to/package.apk
And it appears to work well.
One potential concern is that it's unclear whether the Play Store
reviewers install the app using utilities that set com.android.vending
like this. If not, that might be a problem. However, it looks like
various banking apps also use the installer package name check in the
same way, and refuse to start if it's not right. That suggests that it
would be impossible for Play Store reviewers to even review those
banking apps if they did not set com.android.vending properly.
Out of an abundance of caution, though, and in order to avoid a Play
Store suspension that's harder to appeal, I sent a support request
today (which just managed to fit exactly in the 1000 character limit):
Hi,
My app pays special attention to Google Play Store guidelines. For that
reason, there is some code in the app that looks like this:
if (BuildConfig.IS_GOOGLE_PLAY)
...
else
...
This means that I compile two versions of my app, one for Google Play,
and another for other app stores. This has worked well for many years
and it satisfies Google's policy requirements.
However, compiling two versions of my app is a bit of a pain. Instead, I
would like to do this check at runtime, with code like this:
if (pm.getInstallSourceInfo(package).installingPackageName == "com.android.vending")
...
else
...
I have tested that this code works well, and I've installed my app with:
$ pm install -i com.android.vending ui-release.apk
This works and successfully satisfies the policy requirements.
My question is how this works during the review process. Are reviewed
apps installed with the necessary -i com.android.vending switch to make
this work?
Thanks.
They responded fairly quickly:
Hi Jason,
Thanks for contacting the Google Play team.
Unfortunately I'm not able to comment on your planned implementation. If
you think your app is in compliance, please submit your app for review.
You may want to review the Developer Program Policies for additional
policy guidance.
We recommend reviewing the details listed in this blog post and update
your app accordingly to comply with the changes.
Thanks for your understanding and continued support.
Regards,
Mia
Google Play Developer Support
So I'll interpret that as a, "if you think it's okay, submit it and see,
and then we'll let you know." So here we go. Hopefully if it is
rejected, the update will only be blocked, and I'll just revert this
commit and resubmit.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- | ui/build.gradle | 3 | ||||
-rw-r--r-- | ui/src/main/java/com/wireguard/android/preference/DonatePreference.kt | 17 |
2 files changed, 15 insertions, 5 deletions
diff --git a/ui/build.gradle b/ui/build.gradle index bd060a71..5e21010f 100644 --- a/ui/build.gradle +++ b/ui/build.gradle @@ -48,9 +48,6 @@ android { } } buildTypes { - all { - buildConfigField('boolean', 'IS_GOOGLE_PLAY', (findProperty('build.google_play') == 'true').toString()) - } release { if (keystorePropertiesFile.exists()) signingConfig signingConfigs.release minifyEnabled true diff --git a/ui/src/main/java/com/wireguard/android/preference/DonatePreference.kt b/ui/src/main/java/com/wireguard/android/preference/DonatePreference.kt index 59980dcb..bb49c7e1 100644 --- a/ui/src/main/java/com/wireguard/android/preference/DonatePreference.kt +++ b/ui/src/main/java/com/wireguard/android/preference/DonatePreference.kt @@ -8,11 +8,11 @@ package com.wireguard.android.preference import android.content.Context import android.content.Intent import android.net.Uri +import android.os.Build import android.util.AttributeSet import android.widget.Toast import androidx.preference.Preference import com.google.android.material.dialog.MaterialAlertDialogBuilder -import com.wireguard.android.BuildConfig import com.wireguard.android.R import com.wireguard.android.util.ErrorMessages @@ -22,8 +22,21 @@ class DonatePreference(context: Context, attrs: AttributeSet?) : Preference(cont override fun getTitle() = context.getString(R.string.donate_title) override fun onClick() { + val installer = try { + val packageName = context.packageName + val pm = context.packageManager + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) { + pm.getInstallSourceInfo(packageName).installingPackageName ?: "" + } else { + @Suppress("DEPRECATION") + pm.getInstallerPackageName(packageName) ?: "" + } + } catch (_: Throwable) { + "" + } + /* Google Play Store forbids links to our donation page. */ - if (BuildConfig.IS_GOOGLE_PLAY) { + if (installer == "com.android.vending") { MaterialAlertDialogBuilder(context) .setTitle(R.string.donate_title) .setMessage(R.string.donate_google_play_disappointment) |