gradlew script broken #7
Description
Looks like your gradlew script (in the project root) is broken – it has line breaks where they to not belong, and hence cannot be run. Examples:
#!/usr/bin/
env share the first two lines. There should be no line break, that should be plain #!/usr/bin/env sh. Same later in the comments:
##############################################################################
##
##
Gradle start
up script
for
UN *X
##
##############################################################################using our own gradle wrapper, some good news however: the APK is reproducible (see e.g. Reproducible Builds, special client support and more at IzzyOnDroid for some background on that), congrats! 🥳 And the only finding our scanners turned up was:
SigningBlock blobs:
-------------------
0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)
which can be easily avoided by adding some lines to your build.gradle:
android {
dependenciesInfo {
// Disables dependency metadata when building APKs (for IzzyOnDroid/F-Droid)
includeInApk = false
// Disables dependency metadata when building Android App Bundles (for Google Play)
includeInBundle = false
}
}For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains. More details can be found e.g. here: Ramping up security: additional APK checks are in place with the IzzyOnDroid repo.
One last question: would there be an icon and maybe a screenshot or two to present with your app? I know there is no icon in the APK itself, but it seems to be set as extracting throws a ERROR: Cannot fetch icon from repo/io.github.auag0.disableaudiofocus_101000.apk: invalid literal for int() with base 16: '0xandroid:010D0000' because of AndroidManifest.xml having
<application
android:icon="@android:mipmap/sym_def_app_icon"
android:label="@string/app_name">and there is no mipmap in the resource directory…