[liberationtech] From Snowden's email provider. NSL???

John Sullivan johns at fsf.org
Wed Sep 4 21:58:33 PDT 2013


Tom Ritter <tom at ritter.vg> writes:

> I *think* that app stores take a binary you upload and run their
> static and dynamic checks on that.  They then publish that binary
> without modification.  (Indeed, how could they modify it?  You sign it
> with your key.)  In that case, I think a verifiable build system à la
> Gitian would work well.
>
> The trust web is such that knowledgeable users can replicate a build
> to a hash.  That hash is what anyone downloads via the App Store, and
> less knowledgeable users, but users running rooted phones, can pull
> the binary off and check the hash.  That hash is what's signed by the
> developer's private signing key.  The app store can't substitute a
> different binary (no developer signing key), users can verify that the
> app was what the developer produced (via pulling the binary and
> checking the hash), and advanced users can verify that what the
> developer produced is what they produce via the replicable build
> process.

That's not my understanding of how the Apple store works. Apple does
modify the app before distribution (they have to apply their DRM for
example), and so the user cannot verify against the original signing
key. The developer signing key is for purposes of testimony to Apple,
not to the later user. Also, it arguably violates the App Store
distribution agreement for a developer to distribute her source or
binary from any other place -- the App Store distribution agreement is
designed to be an exclusive one. (Obviously a lot of people do
distribute their iOS app source from their own sites, but this is what
the apparently unenforced agreement said last I looked.)

I could be wrong about this, as I haven't gone over the details lately,
but I'm pretty sure that's right.

See for example
<http://arstechnica.com/apple/2012/07/apple-fixes-app-store-drm-error-crash-free-downloads-resume/>: 

"A server error caused the FairPlay DRM encoding to fail, which resulted
in users receiving corrupted binaries when applying any recent updates
via the iOS App Store or the Mac App Store. These corrupt binaries would
crash on launch, failing to authenticate properly as a legitimate
download. Arment had identified as many as 120 apps that had been
affected by the issue as of Thursday."

-john

-- 
John Sullivan | Executive Director, Free Software Foundation
GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS

Do you use free software? Donate to join the FSF and support freedom at
<http://www.fsf.org/register_form?referrer=8096>.
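The trust model under discussion (developer signs a digest of the binary, end users rehash what they downloaded, advanced users rebuild from source and compare digests) and the objection to it (a store that rewraps the binary breaks the user-side check) can be made concrete. The following Go program is an added illustration, not code from the thread, from Gitian, or from any app store; the "build" step is a stand-in that simply concatenates source with a toolchain tag, the StoreWrap function is a constructed stand-in for DRM wrapping, and Ed25519 is assumed as the developer's signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Release is what the developer publishes alongside a binary: the SHA-256
// digest of the exact bytes and the developer's signature over that digest.
type Release struct {
	Digest    [32]byte
	Signature []byte
	PubKey    ed25519.PublicKey
}

// Build stands in for a reproducible build (constructed toy): the same
// inputs must yield byte-identical output, so two honest builders agree.
func Build(source []byte) []byte {
	return append([]byte("toolchain-v1:"), source...)
}

// Publish is the developer side: hash the artifact, sign the digest.
func Publish(priv ed25519.PrivateKey, binary []byte) Release {
	d := sha256.Sum256(binary)
	return Release{
		Digest:    d,
		Signature: ed25519.Sign(priv, d[:]),
		PubKey:    priv.Public().(ed25519.PublicKey),
	}
}

// VerifyDownload is the end-user side: rehash the bytes actually received
// and check the developer's signature over that digest. Any modification
// by the distributor changes the digest and the check fails.
func VerifyDownload(rel Release, downloaded []byte) bool {
	d := sha256.Sum256(downloaded)
	if d != rel.Digest {
		return false
	}
	return ed25519.Verify(rel.PubKey, d[:], rel.Signature)
}

// Reproduce is the knowledgeable-user side: rebuild from source with the
// same toolchain and compare the digest to the published one.
func Reproduce(rel Release, source []byte) bool {
	d := sha256.Sum256(Build(source))
	return d == rel.Digest
}

// StoreWrap models a distributor that alters the binary before delivery
// (constructed stand-in for wrapping it in a DRM container).
func StoreWrap(binary []byte) []byte {
	return append([]byte("DRM-HEADER:"), binary...)
}

func main() {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	src := []byte("int main(void) { return 0; }") // constructed sample source
	bin := Build(src)
	rel := Publish(priv, bin)
	fmt.Println("published digest:", hex.EncodeToString(rel.Digest[:]))
	fmt.Println("unmodified download verifies:", VerifyDownload(rel, bin))
	fmt.Println("independent rebuild matches:", Reproduce(rel, src))
	fmt.Println("store-wrapped download verifies:", VerifyDownload(rel, StoreWrap(bin)))
}
```

The last line of output is the crux of the disagreement: if the store delivers exactly the bytes the developer signed, both the hash check and the rebuild check succeed; if the store rewraps the binary, the end user's check fails even though nothing malicious happened, so the developer signature no longer tells the user anything about what they received.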


