OpenHub-Store
diff --git a/‎core/data/src/androidMain/kotlin/zed/rainxch/core/data/services/AndroidInstallerInfoExtractor.kt‎
Lines changed: 44 additions & 5 deletions b/‎core/data/src/androidMain/kotlin/zed/rainxch/core/data/services/AndroidInstallerInfoExtractor.kt‎
Lines changed: 44 additions & 5 deletions
diff --git a/‎core/data/src/androidMain/kotlin/zed/rainxch/core/data/services/AutoUpdateWorker.kt‎
Lines changed: 47 additions & 39 deletions b/‎core/data/src/androidMain/kotlin/zed/rainxch/core/data/services/AutoUpdateWorker.kt‎
Lines changed: 47 additions & 39 deletions
diff --git a/‎core/data/src/androidMain/kotlin/zed/rainxch/core/data/services/PackageEventReceiver.kt‎
Lines changed: 6 additions & 5 deletions b/‎core/data/src/androidMain/kotlin/zed/rainxch/core/data/services/PackageEventReceiver.kt‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎core/data/src/androidMain/kotlin/zed/rainxch/core/data/services/UpdateScheduler.kt‎
Lines changed: 1 addition & 17 deletions b/‎core/data/src/androidMain/kotlin/zed/rainxch/core/data/services/UpdateScheduler.kt‎
Lines changed: 1 addition & 17 deletions
@@ -2,13 +2,15 @@ package zed.rainxch.core.data.services
 
 import android.content.Context
 import android.content.pm.PackageManager
+import android.content.pm.PackageManager.GET_SIGNING_CERTIFICATES
 import android.os.Build
 import co.touchlab.kermit.Logger
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.withContext
 import zed.rainxch.core.domain.model.ApkPackageInfo
 import zed.rainxch.core.domain.system.InstallerInfoExtractor
 import java.io.File
+import java.security.MessageDigest
 
 class AndroidInstallerInfoExtractor(
     private val context: Context,
@@ -17,7 +19,11 @@ class AndroidInstallerInfoExtractor(
         withContext(Dispatchers.IO) {
             try {
                 val packageManager = context.packageManager
-                val flags = PackageManager.GET_META_DATA or PackageManager.GET_ACTIVITIES
+                val flags =
+                    PackageManager.GET_META_DATA or
+                        PackageManager.GET_ACTIVITIES or
+                        GET_SIGNING_CERTIFICATES
+
                 val packageInfo =
                     if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
                         packageManager.getPackageArchiveInfo(
@@ -31,9 +37,11 @@ class AndroidInstallerInfoExtractor(
 
                 if (packageInfo == null) {
                     Logger.e {
-                        "Failed to parse APK at $filePath, file exists: ${File(
-                            filePath,
-                        ).exists()}, size: ${File(filePath).length()}"
+                        "Failed to parse APK at $filePath, file exists: ${
+                            File(
+                                filePath,
+                            ).exists()
+                        }, size: ${File(filePath).length()}"
                     }
                     return@withContext null
                 }
@@ -50,12 +58,43 @@ class AndroidInstallerInfoExtractor(
                         @Suppress("DEPRECATION")
                         packageInfo.versionCode.toLong()
                     }
+                val fingerprint: String? =
+                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+                        val sigInfo = packageInfo.signingInfo
+                        val certs =
+                            if (sigInfo?.hasMultipleSigners() == true) {
+                                sigInfo.apkContentsSigners
+                            } else {
+                                sigInfo?.signingCertificateHistory
+                            }
+                        certs?.firstOrNull()?.toByteArray()?.let { certBytes ->
+                            MessageDigest
+                                .getInstance("SHA-256")
+                                .digest(certBytes)
+                                .joinToString(":") { "%02X".format(it) }
+                        }
+                    } else {
+                        @Suppress("DEPRECATION")
+                        val legacyInfo =
+                            packageManager.getPackageArchiveInfo(
+                                filePath,
+                                PackageManager.GET_SIGNATURES,
+                            )
+                        @Suppress("DEPRECATION")
+                        legacyInfo?.signatures?.firstOrNull()?.toByteArray()?.let { certBytes ->
+                            MessageDigest
+                                .getInstance("SHA-256")
+                                .digest(certBytes)
+                                .joinToString(":") { "%02X".format(it) }
+                        }
+                    }
 
                 ApkPackageInfo(
+                    appName = appName,
                     packageName = packageInfo.packageName,
                     versionName = packageInfo.versionName ?: "unknown",
                     versionCode = versionCode,
-                    appName = appName,
+                    signingFingerprint = fingerprint,
                 )
             } catch (e: Exception) {
                 Logger.e { "Failed to extract APK info: ${e.message}, file: $filePath" }
 
@@ -18,14 +18,14 @@ import co.touchlab.kermit.Logger
 import kotlinx.coroutines.flow.first
 import org.koin.core.component.KoinComponent
 import org.koin.core.component.inject
+import zed.rainxch.core.data.services.shizuku.ShizukuServiceManager
+import zed.rainxch.core.data.services.shizuku.model.ShizukuStatus
 import zed.rainxch.core.domain.model.InstalledApp
 import zed.rainxch.core.domain.model.InstallerType
 import zed.rainxch.core.domain.network.Downloader
 import zed.rainxch.core.domain.repository.InstalledAppsRepository
 import zed.rainxch.core.domain.repository.ThemesRepository
 import zed.rainxch.core.domain.system.Installer
-import zed.rainxch.core.data.services.shizuku.ShizukuServiceManager
-import zed.rainxch.core.data.services.shizuku.ShizukuStatus
 
 /**
  * Background worker that automatically downloads and silently installs
@@ -46,21 +46,20 @@ class AutoUpdateWorker(
     private val themesRepository: ThemesRepository by inject()
     private val shizukuServiceManager: ShizukuServiceManager by inject()
 
-    override suspend fun doWork(): Result =
-        try {
+    override suspend fun doWork(): Result {
+        return try {
             Logger.i { "AutoUpdateWorker: Starting auto-update" }
 
-            // Double-check preferences (they may have changed since scheduling)
             val autoUpdateEnabled = themesRepository.getAutoUpdateEnabled().first()
             val installerType = themesRepository.getInstallerType().first()
 
-            // Refresh Shizuku status directly — don't rely on app-process cached state,
-            // since this worker may run in a cold process where listeners weren't initialized.
             shizukuServiceManager.refreshStatus()
             val shizukuReady = shizukuServiceManager.status.value == ShizukuStatus.READY
 
             if (!autoUpdateEnabled || installerType != InstallerType.SHIZUKU || !shizukuReady) {
-                Logger.i { "AutoUpdateWorker: Conditions not met (autoUpdate=$autoUpdateEnabled, installer=$installerType, shizuku=$shizukuReady), skipping" }
+                Logger.i {
+                    "AutoUpdateWorker: Conditions not met (autoUpdate=$autoUpdateEnabled, installer=$installerType, shizuku=$shizukuReady), skipping"
+                }
                 return Result.success()
             }
 
@@ -91,7 +90,6 @@ class AutoUpdateWorker(
                 } catch (e: Exception) {
                     failedApps.add(app.appName)
                     Logger.e { "AutoUpdateWorker: Failed to update ${app.appName}: ${e.message}" }
-                    // Clear pending status on failure
                     try {
                         installedAppsRepository.updatePendingStatus(app.packageName, false)
                     } catch (clearEx: Exception) {
@@ -100,7 +98,6 @@ class AutoUpdateWorker(
                 }
             }
 
-            // Show summary notification
             showSummaryNotification(successfulApps, failedApps)
 
             Logger.i { "AutoUpdateWorker: Completed. Success: ${successfulApps.size}, Failed: ${failedApps.size}" }
@@ -113,24 +110,28 @@ class AutoUpdateWorker(
                 Result.failure()
             }
         }
+    }
 
     private suspend fun updateApp(app: InstalledApp) {
-        val assetUrl = app.latestAssetUrl
-            ?: throw IllegalStateException("No asset URL for ${app.appName}")
-        val assetName = app.latestAssetName
-            ?: throw IllegalStateException("No asset name for ${app.appName}")
-        val latestVersion = app.latestVersion
-            ?: throw IllegalStateException("No latest version for ${app.appName}")
+        val assetUrl =
+            app.latestAssetUrl
+                ?: throw IllegalStateException("No asset URL for ${app.appName}")
+        val assetName =
+            app.latestAssetName
+                ?: throw IllegalStateException("No asset name for ${app.appName}")
+        val latestVersion =
+            app.latestVersion
+                ?: throw IllegalStateException("No latest version for ${app.appName}")
 
         val ext = assetName.substringAfterLast('.', "").lowercase()
 
-        // Check if we already have a valid downloaded file
         val existingPath = downloader.getDownloadedFilePath(assetName)
         if (existingPath != null) {
             val file = java.io.File(existingPath)
             try {
                 val apkInfo = installer.getApkInfoExtractor().extractPackageInfo(existingPath)
-                val normalizedExisting = apkInfo?.versionName?.removePrefix("v")?.removePrefix("V") ?: ""
+                val normalizedExisting =
+                    apkInfo?.versionName?.removePrefix("v")?.removePrefix("V") ?: ""
                 val normalizedLatest = latestVersion.removePrefix("v").removePrefix("V")
                 if (normalizedExisting != normalizedLatest) {
                     file.delete()
@@ -142,17 +143,17 @@ class AutoUpdateWorker(
             }
         }
 
-        // Download the APK
         Logger.d { "AutoUpdateWorker: Downloading $assetName for ${app.appName}" }
         downloader.download(assetUrl, assetName).collect { /* consume flow to completion */ }
 
-        val filePath = downloader.getDownloadedFilePath(assetName)
-            ?: throw IllegalStateException("Downloaded file not found for ${app.appName}")
+        val filePath =
+            downloader.getDownloadedFilePath(assetName)
+                ?: throw IllegalStateException("Downloaded file not found for ${app.appName}")
 
-        val apkInfo = installer.getApkInfoExtractor().extractPackageInfo(filePath)
-            ?: throw IllegalStateException("Failed to extract APK info for ${app.appName}")
+        val apkInfo =
+            installer.getApkInfoExtractor().extractPackageInfo(filePath)
+                ?: throw IllegalStateException("Failed to extract APK info for ${app.appName}")
 
-        // Mark as pending install
         val currentApp = installedAppsRepository.getAppByPackage(app.packageName)
         if (currentApp != null) {
             installedAppsRepository.updateApp(
@@ -167,7 +168,6 @@ class AutoUpdateWorker(
             )
         }
 
-        // Silent install via Shizuku (ShizukuInstallerWrapper handles the actual Shizuku call)
         Logger.d { "AutoUpdateWorker: Installing ${app.appName} via Shizuku" }
         try {
             installer.install(filePath, ext)
@@ -216,7 +216,6 @@ class AutoUpdateWorker(
         successfulApps: List<String>,
         failedApps: List<String>,
     ) {
-        // Check notification permission for API 33+
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
             val granted =
                 ContextCompat.checkSelfPermission(
@@ -228,17 +227,25 @@ class AutoUpdateWorker(
 
         if (successfulApps.isEmpty() && failedApps.isEmpty()) return
 
-        val title = when {
-            failedApps.isEmpty() -> "${successfulApps.size} app${if (successfulApps.size > 1) "s" else ""} updated"
-            successfulApps.isEmpty() -> "Failed to update ${failedApps.size} app${if (failedApps.size > 1) "s" else ""}"
-            else -> "${successfulApps.size} updated, ${failedApps.size} failed"
-        }
+        val title =
+            when {
+                failedApps.isEmpty() -> "${successfulApps.size} app${if (successfulApps.size > 1) "s" else ""} updated"
+                successfulApps.isEmpty() -> "Failed to update ${failedApps.size} app${if (failedApps.size > 1) "s" else ""}"
+                else -> "${successfulApps.size} updated, ${failedApps.size} failed"
+            }
 
-        val text = when {
-            failedApps.isEmpty() -> successfulApps.joinToString(", ")
-            successfulApps.isEmpty() -> failedApps.joinToString(", ")
-            else -> "Updated: ${successfulApps.joinToString(", ")}. Failed: ${failedApps.joinToString(", ")}"
-        }
+        val text =
+            when {
+                failedApps.isEmpty() -> successfulApps.joinToString(", ")
+
+                successfulApps.isEmpty() -> failedApps.joinToString(", ")
+
+                else -> "Updated: ${successfulApps.joinToString(", ")}. Failed: ${
+                    failedApps.joinToString(
+                        ", ",
+                    )
+                }"
+            }
 
         val launchIntent =
             applicationContext.packageManager
@@ -266,15 +273,16 @@ class AutoUpdateWorker(
                     } else {
                         android.R.drawable.stat_notify_error
                     },
-                )
-                .setContentTitle(title)
+                ).setContentTitle(title)
                 .setContentText(text)
                 .setPriority(NotificationCompat.PRIORITY_DEFAULT)
                 .setContentIntent(pendingIntent)
                 .setAutoCancel(true)
                 .build()
 
-        NotificationManagerCompat.from(applicationContext).notify(SUMMARY_NOTIFICATION_ID, notification)
+        NotificationManagerCompat
+            .from(applicationContext)
+            .notify(SUMMARY_NOTIFICATION_ID, notification)
     }
 
     companion object {
 
@@ -23,7 +23,9 @@ import zed.rainxch.core.domain.system.PackageMonitor
  * Uses [KoinComponent] for the no-arg constructor path (manifest-registered).
  * The constructor with explicit dependencies is used for dynamic registration.
  */
-class PackageEventReceiver() : BroadcastReceiver(), KoinComponent {
+class PackageEventReceiver() :
+    BroadcastReceiver(),
+    KoinComponent {
     private val installedAppsRepositoryKoin: InstalledAppsRepository by inject()
     private val packageMonitorKoin: PackageMonitor by inject()
 
@@ -41,11 +43,9 @@ class PackageEventReceiver() : BroadcastReceiver(), KoinComponent {
         this.explicitMonitor = packageMonitor
     }
 
-    private fun getRepository(): InstalledAppsRepository =
-        explicitRepository ?: installedAppsRepositoryKoin
+    private fun getRepository(): InstalledAppsRepository = explicitRepository ?: installedAppsRepositoryKoin
 
-    private fun getMonitor(): PackageMonitor =
-        explicitMonitor ?: packageMonitorKoin
+    private fun getMonitor(): PackageMonitor = explicitMonitor ?: packageMonitorKoin
 
     override fun onReceive(
         context: Context?,
@@ -94,6 +94,7 @@ class PackageEventReceiver() : BroadcastReceiver(), KoinComponent {
                             newAssetUrl = app.latestAssetUrl ?: "",
                             newVersionName = systemInfo.versionName,
                             newVersionCode = systemInfo.versionCode,
+                            signingFingerprint = app.signingFingerprint,
                         )
                         repo.updatePendingStatus(packageName, false)
                         Logger.i { "Update confirmed via broadcast: $packageName (v${systemInfo.versionName})" }
 
@@ -37,8 +37,6 @@ object UpdateScheduler {
                     TimeUnit.MINUTES,
                 ).build()
 
-        // KEEP preserves the existing schedule so reopening the app doesn't reset the timer.
-        // The schedule is only created fresh on first install or after cancel().
         WorkManager
             .getInstance(context)
             .enqueueUniquePeriodicWork(
@@ -47,10 +45,6 @@ object UpdateScheduler {
                 request = request,
             )
 
-        // Run an immediate one-time check so users get notified sooner
-        // rather than waiting up to intervalHours for the first periodic run.
-        // Uses REPLACE so each app launch gets a fresh check (the previous one-time
-        // work may have already completed).
         val immediateRequest =
             OneTimeWorkRequestBuilder<UpdateCheckWorker>()
                 .setConstraints(constraints)
@@ -68,11 +62,6 @@ object UpdateScheduler {
         Logger.i { "UpdateScheduler: Scheduled periodic update check every ${intervalHours}h + immediate check" }
     }
 
-    /**
-     * Force-reschedules the periodic update check with a new interval.
-     * Uses UPDATE policy to replace the existing schedule immediately.
-     * Call this when the user changes the update check interval in settings.
-     */
     fun reschedule(
         context: Context,
         intervalHours: Long,
@@ -105,10 +94,6 @@ object UpdateScheduler {
         Logger.i { "UpdateScheduler: Rescheduled periodic update check to every ${intervalHours}h" }
     }
 
-    /**
-     * Enqueues a one-time [AutoUpdateWorker] to download and silently install
-     * all available updates via Shizuku. Uses KEEP policy to avoid duplicate runs.
-     */
     fun scheduleAutoUpdate(context: Context) {
         val constraints =
             Constraints
@@ -123,8 +108,7 @@ object UpdateScheduler {
                     BackoffPolicy.EXPONENTIAL,
                     15,
                     TimeUnit.MINUTES,
-                )
-                .build()
+                ).build()
 
         WorkManager
             .getInstance(context)