Create alert mechanism
Create a way to alert all users of a wallet about issues being found.
For a wallet to be resilient to rogue updates, a detected issue should be easy to communicate to all users so that they can take appropriate action.
If a new update of wallet X is found to not be reproducible, it should be possible to inform all users of that wallet about this issue in an automated and instant way such that cautious users can block the update in time or even automatically.
This could be achieved by a library that is bundled in the wallet itself that can be alerted by us with a custom message and severity levels, with the library taking more or less drastic actions - toast about another wallet having issues, notify that a new reproducible version will be available soon, cut the internet to prevent updates to a potentially non-reproducible version that was detected.
A detected backdoor should definitely trigger the library to sever the update automatism. This could be achieved by switching off the internet connection and asking the user to disable auto-update for that app before switching it back on. Other ways should be explored, too.
@mohammad.rafigh will work on this in the scope of improving the WalletScrutiny app and its backend:
- get to compile, run and know app and server
- fix collection of app updates. Probably due to a server issue the app reporting a new apk fails to store that apk on the server.
- when any of the monitored (once reproducible) apps rolls out an update that gets detected by the WS app, we should get notified from the server to investigate. Ideally this should happen through a notification from the app (apk received -> unknown sha256sum -> appId determined -> notify)
- run the test script on the server and add the result to the notification (apk received -> unknown sha256sum -> appId determined -> notify -> test -> notify)
- make sure the documentation to get up to speed on server and client is up to date
"notify" can consist of showing a notification when the client polls the server every 30 minutes. Of course hash->manualTestResult supersedes hash->AutoTestResult, which supersedes hash->appIdWithUnknownTestResult. It's just important to update the state on reception of a new file, in case others would report/upload it too, or in case the test takes very long or fails.
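A sketch of the server-side state described above, as an added example and not code from the WalletScrutiny app or backend: it records a newly seen hash on reception and applies the manual > automated > unknown precedence. The class, method and field names, the in-memory store and the sample app id are all assumptions made for illustration.

```python
import hashlib
from enum import IntEnum

class Source(IntEnum):
    # Precedence from the issue text: manual > automated > unknown.
    UNKNOWN = 0   # hash -> appId with unknown test result
    AUTO = 1      # hash -> automated test result
    MANUAL = 2    # hash -> manual test result

class AlertStore:
    """Hypothetical in-memory server state, keyed by APK sha256."""

    def __init__(self, reproducible_hashes):
        self.known = set(reproducible_hashes)  # hashes already verified
        self.state = {}  # sha256 -> [Source, app_id, reproducible or None]

    def receive_apk(self, app_id, apk_bytes):
        """apk received -> unknown sha256sum -> appId determined -> notify."""
        digest = hashlib.sha256(apk_bytes).hexdigest()
        if digest in self.known or digest in self.state:
            return digest, False  # already verified, or reported by another client
        # Record the state now, before any test runs, so that polling
        # clients see it even if the test is slow or fails.
        self.state[digest] = [Source.UNKNOWN, app_id, None]
        return digest, True

    def record_result(self, digest, source, reproducible):
        """Apply a test result unless a higher-precedence one is stored."""
        source = Source(source)
        entry = self.state[digest]
        if source < entry[0]:
            return False  # a late automated result never overrides a manual one
        entry[0], entry[2] = source, reproducible
        return True

    def poll(self, app_id):
        """What a client receives on its 30-minute poll for app_id."""
        return [
            {"sha256": d, "source": s.name, "reproducible": r}
            for d, (s, a, r) in self.state.items()
            if a == app_id
        ]
```
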