Gregory's Server
Great to see you're adopting some of the #security features we've implemented earlier this year at #IzzyOnDroid @fdroidorg! Maybe you want to check our documentation on them?
https://android.izzysoft.de/articles/named/iod-scan-apkchecks
* it's SIGNING blocks, not FROSTING blocks
* MEITUAN is about payload, not metadata
* there's no fixed number of blocks as your code assumes (https://gitlab.com/fdroid/fdroidserver/-/merge_requests/1548/diffs)
The article you link to (https://bi-zone.medium.com/easter-egg-in-apk-files-what-is-frosting-f356aa9f4d1) tells you the same :wink:
@fdroidorg Only what you call "Google metadata" (0x2146444E) is the Google Play Frosting Block, neither the DEPENDENCY_INFO_BLOCK (0x504b4453) nor the MEITUAN_APK_CHANNEL_BLOCK (0x71777777) are. And Meituan calls their block Payload themselves:
https://github.com/search?q=repo%3AMeituan-Dianping%2Fwalle%20APK_CHANNEL_BLOCK_ID&type=code