#GMfrens, Romans, Countrymen.
i've been discussing this issue for a week or so with @ecency in the comments below this post
i would like #Ecency and Devs of all #Hive apps (and any App actually) to display a notice to ensure that users are aware of the importance of checking the integrity of the downloaded file (whether it be from Playstore, Appstore, Github or other repository) AND to provide simple and easy to follow instructions how to do so.
Why?
One reason is that an attacker (perhaps Google, Apple or maybe Microsoft who own Github) could hack a file, replace it and disguise the malicious file as a legitimate file. With apps on Hive (such as Ecency) also giving access to your wallet, this is super important in my opinion. Find out more about reasons why it's important to check file integrity here.
How?
An easy way is to use an app. For now i have installed HashDroid from F-Droid as it's Free and Open Source (FOSS). i'm not certain it's the best option (and i note that there is no checksum displayed to check it's own integrity, but at least it doesn't ask for any permissions so i expect it's safe).
You can read more about checking checksums here
Example
Now, using the HashDroid app, i will check the Checksum of the latest version of Ecency which i will download from Github.
Sidebar
i don't use Google if at all possible as in my opinion they are involved in #massmurder through censorship. i don't trust Github either, being Microsoft owned, but perhaps this is a lower risk.
The Github Repository for ecency-mobile is located here
You can see the Checksum displayed (recently added by Ecency following my request - thanks again).
i click the first file (apk) as i'm using Android, and get this message:
i think the reason why it say Download again is because Ecency always use the same file name. i think it would be best if the file name includes the version number. Can you do that in future please @ecency?
Anyway, i go ahead and download the file. Once file is download and BEFORE opening/installing the file to update the existing app, i open the HashDroid app,
- Select Hash a File
- Select SHA256
- Click CLICK HERE TO SELECT THE FILE TO HASH and navigate to the file i just downloaded (probably in Downloads folder)
- Click Calculate
This is the result i get
Now, i could just look at the Checksum & compare it with the #Checksum from #Github shown in the image above, or i can use the #HashDroid tool to check it exactly. Even though i've already compare it visually (and see it is not the same! - good job i checked!) i will go ahead and check it with HashDroid anyway.
- Select Compare Hashes Tab
- Paste the Checksum obtained from HashDroid
- Copy and Paste CheckSum from GitHub
It's very obvious that the #hashsums are different, but i'll go ahead to compare them anyway
- Click Compare
And obviously the #Hashes ** do NOT match**
So, it's over to you @ecency! Please let me know when you've sorted the issue. i look forward to using and testing v 3.0.38
Sat Nam
Atma
All photos taken by me with Redmi Note 9 Pro (unless noted otherwise)
#archon #teamuk #proofofbrain #palnet #matrix8 #PGM #OneUp #m8s #matrix8fixesthis #thoughtfuldailypost #vyb
