bitfireat / cert4android Goto Github PK

The way the module actually defines package names. As stated by Google in Android Developers, the package name should be stated in the build.gradle file. Updating the build.gradle file to add the namespace option fixes the problem:

android {
    defaultConfig {
        namespace "at.bitfire.cert4android"
    }
}

In any case, this change is recommended in AGP 7.3+. So it should be implemented.

We would have to care less about compile-time settings when this would be a real library. It would be easier to integrate with other projects.

I think of this is a separate library that

• can be added as a normal dependency and then be used in other projects

• has two components, something like a lib and and sample-app directory:

  • lib contains the lib and is what is imported when other projects add the dependency
  • sample-app contains a minimum sample app that also allows to test cert4android in real when debugging (not imported with the dependency)

• make it a jitpack library

• document how to embed the library

• separate demo app from lib

  • build action for jitpack should only build lib
  • demo app can be opened in Android Studio to test and work on the lib

When a certificate becomes invalid over time, users sometimes don't see the certification notification, and then the connections are rejected with time out.

Let's try with one level higher notifications (importance high):

• in NotificationUtils.createChannels
• and I think we have to set it in the actual NotificationCompat.Builder too, for Android versions that don't have channels yet

Is MD5 secure enough to display a fingerprint to let users decide whether the certificate is trusted? Otherwise just keep SHA1

Tracking issue for:

• https://github.com/bitfireAT/cert4android/security/code-scanning/1

There's currently just TrustCertificateActivity in cert4android, so we can migrate it to Jetpack Compose, and see how it goes, before migrating icsx5 and the bigger projects.

Steps:

• Disable dataBinding and enable compose
• Configure Jetpack Compose
  • Configure app's build.gradle
  • Add dependencies
• Add Accompanist Theme Adapter for testing automatic theme migration.
• Migrate all the UI inside TrustCertificateActivity
• Remove activity_trust_certificate from layouts.
• Remove all the XML libraries from build.gradle

We don't need the AIDL interfaces; they are from times when cert4android had to communicate between multiple processes (because DAVx⁵ was split into multiple processes).

AIDL is disabled by default since AGP 8.0 and I think we should get rid of it.

It should be replaced by appropriate inter-thread communication.