Android IMSI-Catcher Detector (AIMSICD)

[linuxmodelMember]

This app looks promising, is it possible to add it to F-Droid?

Website; https://secupwn.github.io/Android-IMSI-Catcher-Detector/
GitHub page; https://github.com/SecUpwN/Android-IMSI-Catcher-Detector

Thanks.

[linuxmodelMember]

This app looks promising, is it possible to add it to F-Droid?

Website; https://secupwn.github.io/Android-IMSI-Catcher-Detector/

[krtModerator]

I added metadata, but we try to avoid building pre-releases software. Also, it contains google play services.

[sniperMember]

The actual WIP release is working for me, after installing mar-v-in’s fake gmapsapi (on cm11 without gapps).

[SecUpwNMember]

Good evening @linuxmodel, thank you for your interest in the Android IMSI-Catcher Detector! 😉

@krt and @sniper, I am the GitHub maintainor of the AIMSICD-Project and my team and I are working hard to resolve all Issues preventing the Android IMSI-Catcher to be included in our official F-Droid store. I just created a fresh Issue to list all things that need to be solved until WIP-Release v0.1.24-alpha will be published, feel free to participate on the Preparations for RELEASE on F-Droid and Aptoide here: https://github.com/SecUpwN/Android-IMSI-Catcher-Detector/issues/156. THANK YOU to everyone spreading the word about our brave project!

[krtModerator]

*merged threads*

[SecUpwNMember]

@linuxmodel, we are more than willing to officially add our Android IMSI-Catcher Detector to the F-Droid store, but there seems to be one challenge that is a show stopper at this very moment: F-droid signs their own builds, which is generally a good thing. But it also means that F-Droid doesn’t allow you to download updates from other locations than their own – which makes our official WIP-Releases on GitHub useless. Unless you can convince @krt (thanks for merging) or anyone else from the F-Droid team to allow our App an exception or other workaround, we are not going to be able to publish it here. My team already stated that they’d hate to implement and maintain new hacks to allow for different signature keys (one from us and one from F-Droid.) That would be absurd. But honestly speaking, we are up for any solutions to solve this matter – please post them on GitHub here: https://github.com/SecUpwN/Android-IMSI-Catcher-Detector/issues/156.

[krtModerator]

There is some work done by the GuardianProject on reproducible builds, e.g. we build everything on our side, compare our build against an official release and if they match, use the official one (signed by the developer). However, we are not there yet and I, myself, dont’ know what has to be done on your side. So, yes, we are aware that the current solutions has its drawbacks, but nothing we can change in short term.

As for pushing another binary app: That’s not for me to decided, but I’d opt against it. We currently ship one complete binary, that is Firefox. And I’d rather remove that one sooner than later..

[NutomicMember]

@secupwn I’m not sure if this helps in your case, but it’s possible to set a package name suffix in build.gradle. This lets you install apk that are signed differently side by side.

I use the following for debug builds, but it might also work with flavors (haven’t checked that):

buildTypes {
        debug {
            applicationIdSuffix ".debug"
        }
}

• This reply was modified 2 years, 7 months ago by  Nutomic.

[SecUpwNMember]

Hi there, @nutomic! Thank you for your suggestion, but we’d like to avoid any double-installs of our App. Furthermore, our team has been discussing the case and we agreed that it isn’t a bad thing that F-Droid builds our project and signs it with their own key. Why is that? Simply because users that do use the F-Droid store are aware of that very fact and highly likely won’t update the App through Aptoide or our GitHub WIp-Release page. I am sure they will stick to the trusted methods. This means, we are preparing for an official launch here.

Which brings me to some important questions: How can I, the legit GitHub maintainor of the project, maintain the store on F-Droid? Since we are still preparing the launch, how can I tell F-Droid when we are ready for our App to be distributed?

Would be lovely to receive some answers, possibly even by @krt. In the meantime, help us on GitHub getting there!

[SecUpwNMember]

Hi there F-Droid followers! 😉

Those that have been actively monitoring our GitHub Website should have noticed that we already rock APTOIDE now. But since we really love F-DROID, we would be happy to have @krt build and release our App under this link! Should you have any questions or concerns, please don’t hesitate to get in touch with me ASAP. Until then: Spread the word and help us rock development on GitHub! Cheers, SecUpwN.

• This reply was modified 2 years, 6 months ago by  SecUpwN.
• This reply was modified 2 years, 6 months ago by  SecUpwN.

[krtModerator]

Should be building tonight, but I had no time for testing. Ping me if anything is broken.

[SecUpwNMember]

@krt, that sounds great! Although I cannot see anything yet, could you please make sure our App will be in the category “Security” and available under this link (the one I previously posted is broken)? Let me know if you need to know any other details. Thank you for rocking with us!

[krtModerator]

It wasn’t build/published at the time you checked, but is available now. I will change the cateory later today.

[Author]

Posts