December 18, 2017
The Android APK signing model sets the expectation that the signing key will be the same for the entire lifetime of the app. That can be seen in the …
March 13, 2017
In Debian stretch, the upcoming new release, it is now possible to build Android apps using only packages from Debian. This will provide all of the …
July 31, 2016
Following up on some privacy leaks that we looked into a while back, there are now official Debian Tor Onion Services for getting software packages …
December 29, 2015
It is time to update to a stronger signing key for your Android app! The old default RSA 1024-bit key is weak and officially deprecated. What? The …
October 16, 2014
Update: now you can do this with Tor Onion Services Many software update systems use code signing to ensure that only the correct software is …
March 28, 2014
Hardware Security Modules (aka Smartcards, chipcards, etc) provide a secure way to store and use cryptographic keys, while actually making the whole …
February 12, 2014
The HTTPS protocol is based on TLS and SSL, which are standard ways to negotiate encrypted connections. There is a lot of complexity in the protocols …
December 6, 2013
Now that you can have a full GnuPG on your Android device with Gnu Privacy Guard for Android, the next step is getting keys you need onto your device …
November 5, 2013
(This blog post as now been cooked into an updated HOWTO) The Google Play Store for Android is not available in all parts of the world, US law …
May 16, 2013
The New Yorker magazine just launched Strongbox, a whistleblower submission system that’s hosted on a hidden website. There’s only one way to access …