summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2023-04-04 12:52:18 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2023-04-05 13:54:23 +0200
commitdc1860c74dd67e18a66fe9e243eeffa689bef043 (patch)
tree869afdb86b3a3e853ca4b9a102f6111038f64211
parent6209d3ee3dd29dfabab8b3d49908fa59b4b91714 (diff)
ui: distinguish play store installs at runtime for reproducible builds
This change lets us use the same build for F-Droid, Play Store, self builds, and elsewhere, which makes everything more easily publicly verifiable, since the build system is reproducible. That means that all APKs will have the same code and be completely interchangeable, no matter where they come from. It does this by removing the build-time branch for special Play Store builds, and replacing it with a simple runtime check using the PackageManager APIs that return the name of the installer. If the app is installed by "com.android.vending", then it's a Play Store install. It's possible to test this with: $ pm install -i com.android.vending path/to/package.apk And it appears to work well. One potential concern is that it's unclear whether the Play Store reviewers install the app using utilities that set com.android.vending like this. If not, that might be a problem. However, it looks like various banking apps also use the installer package name check in the same way, and refuse to start if it's not right. That suggests that it would be impossible for Play Store reviewers to even review those banking apps if they did not set com.android.vending properly. Out of an abundance of caution, though, and in order to avoid a Play Store suspension that's harder to appeal, I sent a support request today (which just managed to fit exactly in the 1000 character limit): Hi, My app pays special attention to Google Play Store guidelines. For that reason, there is some code in the app that looks like this: if (BuildConfig.IS_GOOGLE_PLAY) ... else ... This means that I compile two versions of my app, one for Google Play, and another for other app stores. This has worked well for many years and it satisfies Google's policy requirements. However, compiling two versions of my app is a bit of a pain. Instead, I would like to do this check at runtime, with code like this: if (pm.getInstallSourceInfo(package).installingPackageName == "com.android.vending") ... else ... I have tested that this code works well, and I've installed my app with: $ pm install -i com.android.vending ui-release.apk This works and successfully satisfies the policy requirements. My question is how this works during the review process. Are reviewed apps installed with the necessary -i com.android.vending switch to make this work? Thanks. They responded fairly quickly: Hi Jason, Thanks for contacting the Google Play team. Unfortunately I'm not able to comment on your planned implementation. If you think your app is in compliance, please submit your app for review. You may want to review the Developer Program Policies for additional policy guidance. We recommend reviewing the details listed in this blog post and update your app accordingly to comply with the changes. Thanks for your understanding and continued support. Regards, Mia Google Play Developer Support So I'll interpret that as a, "if you think it's okay, submit it and see, and then we'll let you know." So here we go. Hopefully if it is rejected, the update will only be blocked, and I'll just revert this commit and resubmit. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r--ui/build.gradle3
-rw-r--r--ui/src/main/java/com/wireguard/android/preference/DonatePreference.kt17
2 files changed, 15 insertions, 5 deletions
diff --git a/ui/build.gradle b/ui/build.gradle
index bd060a71..5e21010f 100644
--- a/ui/build.gradle
+++ b/ui/build.gradle
@@ -48,9 +48,6 @@ android {
}
}
buildTypes {
- all {
- buildConfigField('boolean', 'IS_GOOGLE_PLAY', (findProperty('build.google_play') == 'true').toString())
- }
release {
if (keystorePropertiesFile.exists()) signingConfig signingConfigs.release
minifyEnabled true
diff --git a/ui/src/main/java/com/wireguard/android/preference/DonatePreference.kt b/ui/src/main/java/com/wireguard/android/preference/DonatePreference.kt
index 59980dcb..bb49c7e1 100644
--- a/ui/src/main/java/com/wireguard/android/preference/DonatePreference.kt
+++ b/ui/src/main/java/com/wireguard/android/preference/DonatePreference.kt
@@ -8,11 +8,11 @@ package com.wireguard.android.preference
import android.content.Context
import android.content.Intent
import android.net.Uri
+import android.os.Build
import android.util.AttributeSet
import android.widget.Toast
import androidx.preference.Preference
import com.google.android.material.dialog.MaterialAlertDialogBuilder
-import com.wireguard.android.BuildConfig
import com.wireguard.android.R
import com.wireguard.android.util.ErrorMessages
@@ -22,8 +22,21 @@ class DonatePreference(context: Context, attrs: AttributeSet?) : Preference(cont
override fun getTitle() = context.getString(R.string.donate_title)
override fun onClick() {
+ val installer = try {
+ val packageName = context.packageName
+ val pm = context.packageManager
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+ pm.getInstallSourceInfo(packageName).installingPackageName ?: ""
+ } else {
+ @Suppress("DEPRECATION")
+ pm.getInstallerPackageName(packageName) ?: ""
+ }
+ } catch (_: Throwable) {
+ ""
+ }
+
/* Google Play Store forbids links to our donation page. */
- if (BuildConfig.IS_GOOGLE_PLAY) {
+ if (installer == "com.android.vending") {
MaterialAlertDialogBuilder(context)
.setTitle(R.string.donate_title)
.setMessage(R.string.donate_google_play_disappointment)