Replying to WalletScrutiny

Among the reproducible Android wallets, Zeus appears to be the first to have switched to Android App Bundles. We tested what we got from Google (the arm64-v8a version) and found all bytes accounted for, giving it the verdict "reproducible", but with somewhat of a headache …

Android App Bundle, or AAB for short, allows Google to provide each user with a tailored version of the product. For example, in the case of this wallet, the older format contained binaries for arm64-v8a, armeabi-v7a, x86 and x86_64 CPUs. The new format contains only the one for "your" CPU.

https://void.cat/d/B44P1WNKFjQqSaYg6VTUng.webp

And that makes the app much smaller. In this case the zeus-universal.apk weighs 92MB while the zeus-arm64-v8a.apk only weighs 32MB.

With games where assets for bigger screens can be excluded for lower end devices, this can make even more of a difference.

But it also implies that Google gets the developer's signing key, theoretically enabling them to also tailor security aspects of your apps - on a case by case basis.

Google is pushing for AAB to trim MBs off all these apps but this comes at a cost:

* Security: Where before, only the developer could sign an update, now Google engineers can, too.

* Transparency: Where before, only one binary was circulating per version, now many circulate.

The full analysis of the latest Zeus wallet can be found here:

https://walletscrutiny.com/android/app.zeusln.zeus/

nostr:npub1xnf02f60r9v0e5kty33a404dm79zr7z2eepyrk5gsq3m7pwvsz2sazlpr5
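As an added illustration of the check described in the post above (this is example code, not WalletScrutiny's own tooling): the reproducibility verdict rests on comparing the APK Google serves against one built locally from source, entry by entry. Because Play re-signs the split APKs it derives from the AAB, the `META-INF/` signing files are expected to differ and are set aside before comparison; every other byte must match. The APKs below are constructed in memory as stand-ins (the file names, contents and signer names are assumptions), and the script also lists which CPU ABIs an APK bundles, which is how a universal APK and a per-ABI split can be told apart.

```python
import hashlib
import io
import zipfile

# Play re-signs AAB-derived splits, so signature metadata is expected to differ
# from a local build. It is excluded from the byte comparison; everything else
# must match exactly for the build to count as reproducible.
SIGNATURE_PREFIX = "META-INF/"


def build_apk(files: dict) -> bytes:
    """Construct an in-memory zip standing in for an APK (a test fixture, not a real wallet build)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def list_abis(apk: bytes) -> set:
    """Return the CPU ABIs whose native libraries are packaged under lib/<abi>/."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        return {
            name.split("/")[1]
            for name in zf.namelist()
            if name.startswith("lib/") and name.count("/") >= 2
        }


def digest_entries(apk: bytes) -> dict:
    """SHA-256 of every non-signature file entry, keyed by path inside the archive."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        return {
            name: hashlib.sha256(zf.read(name)).hexdigest()
            for name in zf.namelist()
            if not name.startswith(SIGNATURE_PREFIX) and not name.endswith("/")
        }


def compare_apks(distributed: bytes, local: bytes) -> dict:
    """Report entries missing on either side and entries whose bytes differ."""
    d, l = digest_entries(distributed), digest_entries(local)
    shared = set(d) & set(l)
    return {
        "only_in_distributed": sorted(set(d) - set(l)),
        "only_in_local": sorted(set(l) - set(d)),
        "content_differs": sorted(name for name in shared if d[name] != l[name]),
    }


def is_reproducible(distributed: bytes, local: bytes) -> bool:
    """True only when every non-signature byte of the served APK is accounted for by the local build."""
    return all(not entries for entries in compare_apks(distributed, local).values())


# Constructed fixtures (assumed names and contents, not real Zeus artifacts).
COMMON = {
    "AndroidManifest.xml": b"<manifest package='example.wallet'/>",
    "classes.dex": b"dex\n035\x00constructed-bytecode",
    "lib/arm64-v8a/libwallet.so": b"\x7fELF-arm64-constructed",
}
UNIVERSAL_APK = build_apk({
    **COMMON,
    "lib/armeabi-v7a/libwallet.so": b"\x7fELF-armv7-constructed",
    "lib/x86/libwallet.so": b"\x7fELF-x86-constructed",
    "lib/x86_64/libwallet.so": b"\x7fELF-x86_64-constructed",
    "META-INF/DEVELOPER.RSA": b"developer-signature",
})
# The per-ABI split as served by Play: same payload, but re-signed by Google.
PLAY_SPLIT_APK = build_apk({**COMMON, "META-INF/PLAY.RSA": b"play-signature"})
# The same split rebuilt locally from source and signed with the developer's key.
LOCAL_SPLIT_APK = build_apk({**COMMON, "META-INF/DEVELOPER.RSA": b"developer-signature"})
# A served split whose bytecode does not match the source build (constructed mismatch).
MISMATCHED_APK = build_apk({
    **COMMON,
    "classes.dex": b"dex\n035\x00different-bytecode",
    "META-INF/PLAY.RSA": b"play-signature",
})

if __name__ == "__main__":
    print("universal ABIs:", sorted(list_abis(UNIVERSAL_APK)))
    print("split ABIs:    ", sorted(list_abis(PLAY_SPLIT_APK)))
    print("reproducible:  ", is_reproducible(PLAY_SPLIT_APK, LOCAL_SPLIT_APK))
    print("mismatch:      ", compare_apks(MISMATCHED_APK, LOCAL_SPLIT_APK))
```

Run against real files, `build_apk` is replaced by reading the served split (for instance pulled from a device) and the locally compiled one from disk; the ABI listing is what shows that a Play-served split carries one `lib/<abi>/` directory where the universal APK carried four, and the comparison is what turns "all bytes accounted for" into a checkable statement.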
