Hello Verus Mobile Team 👋
I'm Danny, with the WalletScrutiny.com team.
We’re excited to let you know that WalletScrutiny will soon add your Android wallet, with Google Play app ID: "org.autonomoussoftwarefoundation.verusmobile.android" in our list of apps due to be verified for reproducibility.
Where to View & Contribute
Once my merge request is approved, you would be able to add your own attestation here:
- walletscrutiny.com/android/org.autonomoussoftwarefoundation.verusmobile.android
Feel free to drop in security notes, CI insights, or reproducible build instructions or any other context you’d like prospective auditors to see.
Our methodology.
Why Reproducibility Matters
Reproducible Builds ensure that “given the same source code, build environment and build instructions, any party can recreate bit-for-bit identical copies of all specified artifacts” Definition: Wikipedia. By publishing your reproducible build results, you bolster community trust and set a strong countermeasure against supply-chain tampering.
reproducible-builds.org
Example in Action: Bitkey App’s Android Verification
For a hands-on demonstration, see how Bitkey automates building and verifying its Android APKs step-by-step:
https://github.com/proto-at-block/bitkey/blob/main/app/verifiable-build/android/README.md
Their scripts pull an APK off a device, rebuild locally in CI, then diff the results—all in one workflow. With sufficient build instructions, independent builders could apply the same approach to Verus Mobile. And you could also do so yourself!
We look forward to showcasing your project’s integrity on WalletScrutiny! If you have questions or want to co-author the attestation, just let us know.
Kind Regards,
Daniel Garcia
walletscrutiny.com
Hello Verus Mobile Team 👋
I'm Danny, with the WalletScrutiny.com team.
We’re excited to let you know that WalletScrutiny will soon add your Android wallet, with Google Play app ID: "org.autonomoussoftwarefoundation.verusmobile.android" in our list of apps due to be verified for reproducibility.
Where to View & Contribute
Once my merge request is approved, you would be able to add your own attestation here:
Feel free to drop in security notes, CI insights, or reproducible build instructions or any other context you’d like prospective auditors to see.
Our methodology.
Why Reproducibility Matters
Reproducible Builds ensure that “given the same source code, build environment and build instructions, any party can recreate bit-for-bit identical copies of all specified artifacts” Definition: Wikipedia. By publishing your reproducible build results, you bolster community trust and set a strong countermeasure against supply-chain tampering.
reproducible-builds.org
Example in Action: Bitkey App’s Android Verification
For a hands-on demonstration, see how Bitkey automates building and verifying its Android APKs step-by-step:
https://github.com/proto-at-block/bitkey/blob/main/app/verifiable-build/android/README.md
Their scripts pull an APK off a device, rebuild locally in CI, then diff the results—all in one workflow. With sufficient build instructions, independent builders could apply the same approach to Verus Mobile. And you could also do so yourself!
We look forward to showcasing your project’s integrity on WalletScrutiny! If you have questions or want to co-author the attestation, just let us know.
Kind Regards,
Daniel Garcia
walletscrutiny.com