check repo index timestamps to prevent rollback attacks
A hacked fdroid server could "replay" old index.jar files known to have apps with vulnerabilities in it. That provides a long window of time for exploiting that vulnerability. By checking that the timestamp of an update is never older than the current index, this attack is prevented.
Showing with 95 additions and 13 deletions
This diff is collapsed.