How & Why to Check Integrity of Apps before Using

in LeoFinance, 3 years ago

#GMfrens, Romans, Countrymen.

i've been discussing this issue for a week or so with @ecency in the comments below this post

i would like #Ecency and Devs of all #Hive apps (and any App actually) to display a notice to ensure that users are aware of the importance of checking the integrity of the downloaded file (whether it be from Playstore, Appstore, Github or other repository) AND to provide simple and easy to follow instructions how to do so.


Why?
One reason is that an attacker (perhaps Google, Apple or maybe Microsoft who own Github) could hack a file, replace it and disguise the malicious file as a legitimate file. With apps on Hive (such as Ecency) also giving access to your wallet, this is super important in my opinion. Find out more about reasons why it's important to check file integrity here.

How?
An easy way is to use an app. For now i have installed HashDroid from F-Droid as it's Free and Open Source (FOSS). i'm not certain it's the best option (and i note that there is no checksum displayed to check its own integrity, but at least it doesn't ask for any permissions so i expect it's safe).

You can read more about checking checksums here

Example
Now, using the HashDroid app, i will check the Checksum of the latest version of Ecency which i will download from Github.


Sidebar
i don't use Google if at all possible as in my opinion they are involved in #massmurder through censorship. i don't trust Github either, being Microsoft owned, but perhaps this is a lower risk.


The Github Repository for ecency-mobile is located here

You can see the Checksum displayed (recently added by Ecency following my request - thanks again).

i click the first file (apk) as i'm using Android, and get this message:

i think the reason why it says Download again is because Ecency always uses the same file name. i think it would be best if the file name includes the version number. Can you do that in future please @ecency?

Anyway, i go ahead and download the file. Once the file is downloaded and BEFORE opening/installing the file to update the existing app, i open the HashDroid app,

  • Select Hash a File
  • Select SHA256
  • Click CLICK HERE TO SELECT THE FILE TO HASH and navigate to the file i just downloaded (probably in Downloads folder)

  • Click Calculate

This is the result i get

Now, i could just look at the Checksum & compare it with the #Checksum from #Github shown in the image above, or i can use the #HashDroid tool to check it exactly. Even though i've already compared it visually (and see it is not the same! - good job i checked!) i will go ahead and check it with HashDroid anyway.

  • Select Compare Hashes Tab
  • Paste the Checksum obtained from HashDroid
  • Copy and Paste CheckSum from GitHub


It's very obvious that the #hashsums are different, but i'll go ahead to compare them anyway

  • Click Compare
    And obviously the #Hashes **do NOT match**


So, it's over to you @ecency! Please let me know when you've sorted the issue. i look forward to using and testing v 3.0.38

Sat Nam
Atma


All photos taken by me with Redmi Note 9 Pro (unless noted otherwise)

#archon #teamuk #proofofbrain #palnet #matrix8 #PGM #OneUp #m8s #matrix8fixesthis #thoughtfuldailypost #vyb
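The same check done on a desktop machine, as an added example that is not part of the original post and is not Ecency's or HashDroid's code: it hashes the downloaded file with SHA-256 and compares the result with the checksum copied from the release page. The file name `app-release.apk` and the sample bytes are constructed placeholders; the length check rejects a value pasted from a different algorithm (MD5, SHA-1), and the normalisation accepts upper-case, labelled, or `sha256sum`-style input.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Hex digest length -> algorithm, to catch a checksum from the wrong algorithm.
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def normalize_checksum(published: str) -> str:
    """Strip label, whitespace and case differences from a pasted checksum."""
    text = re.sub(r"^sha-?256\s*[:=]\s*", "", published.strip(), flags=re.I)
    # A `sha256sum`-style line is "<hex>  <filename>": keep the first field.
    token = text.split()[0] if text.split() else ""
    if not re.fullmatch(r"[0-9a-fA-F]+", token):
        raise ValueError("published checksum is not hexadecimal")
    return token.lower()


def file_digest(path: Path, chunk: int = 1 << 20) -> str:
    """SHA-256 the file in chunks so a large APK is never read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path: Path, published: str) -> bool:
    """True only if the file's SHA-256 equals the published checksum."""
    expected = normalize_checksum(published)
    algo = HEX_LEN_TO_ALGO.get(len(expected), "unknown")
    if algo != "sha256":
        raise ValueError(f"need a 64-character SHA-256 value, got {len(expected)} ({algo})")
    return hmac.compare_digest(file_digest(path), expected)


if __name__ == "__main__":
    # Constructed sample file standing in for the downloaded APK.
    with tempfile.TemporaryDirectory() as d:
        apk = Path(d) / "app-release.apk"  # hypothetical file name
        apk.write_bytes(b"constructed sample bytes, not a real APK")
        good = hashlib.sha256(apk.read_bytes()).hexdigest()
        print("match:   ", verify_download(apk, "SHA256: " + good.upper()))
        print("mismatch:", verify_download(apk, "0" * 64))
```

A checksum published on the same release page as the file catches a corrupted or swapped download, but not a change made to the release page itself.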


i think it would be best if the file name includes the version number. Can you do that in future please?

Yes, we will.

It's very obvious that the #hashsums are different, but i'll go ahead to compare them anyway

Do you know what hashsum uses to check checksum? Because our checksum algorithm is SHA256, when comparing you should use that.

Yes, if you look at the screenshots in the posts you will see that i did select SHA256


This is a really good way of creating awareness on the integrity of apps, especially on Hive, because I see Hive coin to be very important. I think this will save users from falling victim to hacks. Thanks for this awareness.

Thanks for sharing your appreciation :-)

Some free Hive-engine tokens for you:
!PGM !PIZZA !LOL

Ps. Would you like to have some fun, help save the world and get rich while doing so?

Thanks a lot

You're Welcome

Do you use @dustbunny and/or @dustsweeper which, for a small delegation, will upvote your posts/comments if they have not reached the minimum potential post payout of 0.02 before the 7 day voting period?