non-deterministic Dependency Info Block makes builds not reproducible [268071369]

Assigned

Bug

Status Update

No update yet.

Description

fl...@obfusk.net

created issue #1

Feb 7, 2023 12:15PM

From https://developer.android.com/studio/build/dependencies#dependency-info-play:

When building your app using AGP 4.0.0 and higher, the plugin includes metadata that describes the library dependencies that are compiled into your app.

The "Dependency Info Block" this adds to the APK Signing Block turns out to be different every time a signed APK is built -- even if the signature and everything else is bit-by-bit identical -- making the build not reproducible.

If I make 2 copies of an unsigned APK and sign each separately with apksigner (using the same RSA key) I get 2 bit-by-bit identical signed APKs.

$ cp -i unsigned.apk signed-1.apk
$ cp -i unsigned.apk signed-2.apk
$ apksigner sign ... signed-1.apk
Signed
$ apksigner sign ... signed-2.apk
Signed
$ shasum signed-*.apk
f1d2d2f924e986ac86fdf7b36c94bcdf32beec15  signed-1.apk
f1d2d2f924e986ac86fdf7b36c94bcdf32beec15  signed-2.apk

But if I use Android Studio (or a Gradle signing config) to build a signed APK (from the same commit and using the same signing key), it will add the Dependency Info Block, which is not deterministic, and thus I never get bit-by-bit identical signed APKs.

Since this block is "encrypted by a Google Play signing key", I have no way of inspecting it to find out what is different every time.

Comments

ad...@google.com <ad...@google.com> Feb 7, 2023 09:56PM

Assigned to an...@google.com.

je...@google.com <je...@google.com> #2Feb 14, 2023 06:16PM

Reassigned to hu...@google.com.

looks like we might need to sort lists before creating the dependencies info file in PerModuleReportDependenciesTask

hu...@google.com <hu...@google.com> #3Feb 15, 2023 01:14PM

Reassigned to pa...@google.com.

After debugging, I've found that most of the signing pipeline is deterministic, except for the encryption algorithm in SdkDependencyDataGeneratorTask.

Switching to a deterministic encryption algorithm is possible but will be less secure, as explained at https://developers.google.com/tink/deterministic-encryption.

@Pankaj: What is your take on this issue?

Message last modified on Feb 15, 2023 01:20PM

le...@google.com <le...@google.com> #4Apr 27, 2023 10:30AM

Reassigned to mi...@google.com.

Thank you for the detailed analysis and sorry for the delayed answer!

Deterministic encryption makes sense to me, we'll run this option by the security team and see how we can make this backwards compatible.

ga...@google.com <ga...@google.com> #5Oct 24, 2023 04:31PM

Reassigned to ab...@google.com.

This bug is out of SLO for P1 bugs, minee@ can we please get an update on it?

Update: Reassigned based on Pierre's ask in chat.

Message last modified on Oct 25, 2023 09:03AM

ab...@google.com <ab...@google.com> #6Oct 25, 2023 10:52AM

Unfortunately, we have been unable to prioritize this till now. We do have a quarterly backlog process in the team and we can aim to prioritize this one in Q1.

Message last modified on Oct 25, 2023 10:53AM

ga...@google.com <ga...@google.com> #7Oct 25, 2023 11:06AM

Reducing priority to P2 as the AGP team cannot make this change on our own, and to match the priority of the team that owns this feature.

ab...@google.com <ab...@google.com> Jan 4, 2024 12:29PM

Reassigned to al...@google.com.

al...@google.com <al...@google.com> Dec 11, 2024 06:30PM

Status: New

hu...@google.com <hu...@google.com> #8Dec 11, 2024 07:03PM

Assigned to ab...@google.com.

@Abhijit: Could you help triage this issue / move it to the right bug component? Thanks!

ab...@google.com <ab...@google.com> #9Dec 12, 2024 07:30AM

Reassigned to ss...@google.com.

We have had a few re-orgs since the bug was filed. Passing it to Snezhana to triage.