New signature

Question

New signature

Closed this issue 4 months ago · 5 comments

The latest version (5.5.68.0) does not have the correct signature, why ? Is this normal ?

Answer 1 · 2024-08-21T21:43:27.000Z

What does that mean for the users? Aug 21, 2024, 5:33 PM by ***@***.***:

The latest version (5.5.68.0) does not have the correct signature, why ? Is this normal ? — Reply to this email directly, > view it on GitHub <#143>> , or > unsubscribe <https://github.com/notifications/unsubscribe-auth/A6G5JCCI57ILACRNS7M7T4DZSUBSNAVCNFSM6AAAAABM43M3JKVHI2DSMVQWIX3LMV43ASLTON2WKOZSGQ3TSMJXGY3TOOI>> . You are receiving this because you are subscribed to this thread.> Message ID: > <ProtonVPN/android-app/issues/143> @> github> .> com>

Answer 2 · 2024-08-21T22:15:05.000Z

The signature is used to ensure the veracity of an application. If it differs from that given by the developer, then it has been signed by someone else.

Answer 3 · 2024-08-21T22:37:00.000Z

Got it. Thanks so much for your reply. Aug 21, 2024, 6:15 PM by ***@***.***:

…

The signature is used to ensure the veracity of an application. If it differs from that given by the developer, then it has been signed by someone else. — Reply to this email directly, > view it on GitHub <#143 (comment)>> , or > unsubscribe <https://github.com/notifications/unsubscribe-auth/A6G5JCCQKTHGHMEBXWGV5SLZSUGP5AVCNFSM6AAAAABM43M3JKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGMBTGEYDCNJXGI>> . You are receiving this because you commented.> Message ID: > <ProtonVPN/android-app/issues/143/2303101572> @> github> .> com>

Answer 4 · 2024-08-22T07:23:18.000Z

Possibly has something to do with the latest release being published by @mateusz-markowicz instead of @proton-ci ?
Hopefully it was just accidentally signed with the wrong key and they can release a hotfix correcting it.

Since it wasn't mentioned in the release notes, I'm guessing it wasn't intentional.

Answer 5 · 2024-08-22T07:32:10.000Z

Yes, this was a mistake on our side. We changed the release process, so most recent release was done manually and simply incorrect artifact which was signed with debug key was picked.
We have fixed the 5.5.68.0 release now, so the apk should be good and signed with release key.