• GolfNovemberUniform
      link
      fedilink
      arrow-up
      2
      arrow-down
      3
      ·
      il y a 5 mois

      Check the code for suspicious lines and then check the compiled app for network traffic etc

      • DessalinesOPMA
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        il y a 5 mois

        There were dozens of dependency upgrades in this release, I have no idea why you think this specific one has security issues. Either way we don’t have time to read through every line of code of every dep update, but here’s the source code: https://android.googlesource.com/platform/tools/base

        If you find something, you might want to submit a PR as it would affect not just ours, but a lot of android projects.

        • GolfNovemberUniform
          link
          fedilink
          arrow-up
          1
          arrow-down
          3
          ·
          il y a 5 mois

          Reading through the code of the dependency is not required. What is required is reading through the merge request to see if the dependency isn’t used for malicious or wasteful purposes. Checking on the authenticity of the dependency is a good idea too.