feat: implement package name and signing key validation for updates

rainxchzed · rainxchzed · commit 6bef2aacfd34 · 2026-03-18T11:58:43.000+05:00
- Add validation logic to `DetailsViewModel` to ensure the downloaded APK package name matches the installed application before proceeding with an update.
- Enhance `AutoUpdateWorker` to perform package name verification, throwing an exception and skipping the update if a mismatch is detected.
- Introduce new localized string resources for "Package mismatch" and "Signing key mismatch" errors across multiple languages (Arabic, Bengali, Chinese, English, French, Hindi, Italian, Japanese, Korean, Polish, Russian, Spanish, Turkish).
- Update error handling UI to display specific mismatch messages and block invalid updates.
diff --git a/core/data/src/androidMain/kotlin/zed/rainxch/core/data/services/AutoUpdateWorker.kt b/core/data/src/androidMain/kotlin/zed/rainxch/core/data/services/AutoUpdateWorker.kt
@@ -154,6 +154,18 @@ class AutoUpdateWorker(
             installer.getApkInfoExtractor().extractPackageInfo(filePath)
                 ?: throw IllegalStateException("Failed to extract APK info for ${app.appName}")
 
+        // Validate package name matches
+        if (apkInfo.packageName != app.packageName) {
+            Logger.e {
+                "AutoUpdateWorker: Package name mismatch for ${app.appName}! " +
+                    "Expected: ${app.packageName}, got: ${apkInfo.packageName}. " +
+                    "Skipping auto-update."
+            }
+            throw IllegalStateException(
+                "Package name mismatch for ${app.appName}: expected ${app.packageName}, got ${apkInfo.packageName}",
+            )
+        }
+
         val currentApp = installedAppsRepository.getAppByPackage(app.packageName)
 
         if (currentApp?.signingFingerprint != null) {
diff --git a/core/presentation/src/commonMain/composeResources/values-ar/strings-ar.xml b/core/presentation/src/commonMain/composeResources/values-ar/strings-ar.xml
@@ -581,4 +581,6 @@
     <string name="translation_error_retry">إعادة المحاولة</string>
     <string name="translated_from">اكتشاف تلقائي: %1$s</string>
     <string name="select_language">اختر اللغة</string>
+    <string name="update_package_mismatch">عدم تطابق الحزمة: ملف APK هو %1$s، لكن التطبيق المثبت هو %2$s. تم حظر التحديث.</string>
+    <string name="update_signing_key_mismatch">عدم تطابق مفتاح التوقيع: تم توقيع التحديث بواسطة مطور مختلف. تم حظر التحديث.</string>
 </resources>
diff --git a/core/presentation/src/commonMain/composeResources/values-bn/strings-bn.xml b/core/presentation/src/commonMain/composeResources/values-bn/strings-bn.xml
@@ -580,4 +580,6 @@
     <string name="translation_error_retry">পুনরায় চেষ্টা</string>
     <string name="translated_from">স্বয়ংক্রিয়ভাবে শনাক্ত: %1$s</string>
     <string name="select_language">ভাষা নির্বাচন করুন</string>
+    <string name="update_package_mismatch">প্যাকেজ অমিল: APK হলো %1$s, কিন্তু ইনস্টল করা অ্যাপ হলো %2$s। আপডেট ব্লক করা হয়েছে।</string>
+    <string name="update_signing_key_mismatch">সাইনিং কী অমিল: আপডেটটি একজন ভিন্ন ডেভেলপার দ্বারা সাইন করা হয়েছে। আপডেট ব্লক করা হয়েছে।</string>
 </resources>
diff --git a/core/presentation/src/commonMain/composeResources/values-es/strings-es.xml b/core/presentation/src/commonMain/composeResources/values-es/strings-es.xml
@@ -541,4 +541,6 @@
     <string name="translation_error_retry">Reintentar</string>
     <string name="translated_from">Detectado automáticamente: %1$s</string>
     <string name="select_language">Seleccionar idioma</string>
+    <string name="update_package_mismatch">Paquete no coincide: el APK es %1$s, pero la aplicación instalada es %2$s. Actualización bloqueada.</string>
+    <string name="update_signing_key_mismatch">Clave de firma no coincide: la actualización fue firmada por un desarrollador diferente. Actualización bloqueada.</string>
 </resources>
diff --git a/core/presentation/src/commonMain/composeResources/values-fr/strings-fr.xml b/core/presentation/src/commonMain/composeResources/values-fr/strings-fr.xml
@@ -542,4 +542,6 @@
     <string name="translation_error_retry">Réessayer</string>
     <string name="translated_from">Détection automatique : %1$s</string>
     <string name="select_language">Sélectionner la langue</string>
+    <string name="update_package_mismatch">Incompatibilité de paquet : l\'APK est %1$s, mais l\'application installée est %2$s. Mise à jour bloquée.</string>
+    <string name="update_signing_key_mismatch">Incompatibilité de clé de signature : la mise à jour a été signée par un développeur différent. Mise à jour bloquée.</string>
 </resources>
diff --git a/core/presentation/src/commonMain/composeResources/values-hi/strings-hi.xml b/core/presentation/src/commonMain/composeResources/values-hi/strings-hi.xml
@@ -580,4 +580,6 @@
     <string name="translation_error_retry">पुनः प्रयास</string>
     <string name="translated_from">स्वतः पहचाना गया: %1$s</string>
     <string name="select_language">भाषा चुनें</string>
+    <string name="update_package_mismatch">पैकेज मेल नहीं खाता: APK %1$s है, लेकिन इंस्टॉल किया गया ऐप %2$s है। अपडेट ब्लॉक किया गया।</string>
+    <string name="update_signing_key_mismatch">साइनिंग कुंजी मेल नहीं खाती: अपडेट किसी अन्य डेवलपर द्वारा साइन किया गया था। अपडेट ब्लॉक किया गया।</string>
 </resources>
diff --git a/core/presentation/src/commonMain/composeResources/values-it/strings-it.xml b/core/presentation/src/commonMain/composeResources/values-it/strings-it.xml
@@ -580,4 +580,6 @@
     <string name="translation_error_retry">Riprova</string>
     <string name="translated_from">Rilevato automaticamente: %1$s</string>
     <string name="select_language">Seleziona lingua</string>
+    <string name="update_package_mismatch">Pacchetto non corrispondente: l\'APK è %1$s, ma l\'app installata è %2$s. Aggiornamento bloccato.</string>
+    <string name="update_signing_key_mismatch">Chiave di firma non corrispondente: l\'aggiornamento è stato firmato da uno sviluppatore diverso. Aggiornamento bloccato.</string>
 </resources>
diff --git a/core/presentation/src/commonMain/composeResources/values-ja/strings-ja.xml b/core/presentation/src/commonMain/composeResources/values-ja/strings-ja.xml
@@ -542,4 +542,6 @@
     <string name="translation_error_retry">再試行</string>
     <string name="translated_from">自動検出：%1$s</string>
     <string name="select_language">言語を選択</string>
+    <string name="update_package_mismatch">パッケージの不一致: APKは%1$sですが、インストール済みアプリは%2$sです。更新がブロックされました。</string>
+    <string name="update_signing_key_mismatch">署名キーの不一致: 更新は別の開発者によって署名されています。更新がブロックされました。</string>
 </resources>
diff --git a/core/presentation/src/commonMain/composeResources/values-ko/strings-ko.xml b/core/presentation/src/commonMain/composeResources/values-ko/strings-ko.xml
@@ -577,4 +577,6 @@
     <string name="translation_error_retry">재시도</string>
     <string name="translated_from">자동 감지: %1$s</string>
     <string name="select_language">언어 선택</string>
+    <string name="update_package_mismatch">패키지 불일치: APK는 %1$s이지만 설치된 앱은 %2$s입니다. 업데이트가 차단되었습니다.</string>
+    <string name="update_signing_key_mismatch">서명 키 불일치: 업데이트가 다른 개발자에 의해 서명되었습니다. 업데이트가 차단되었습니다.</string>
 </resources>
diff --git a/core/presentation/src/commonMain/composeResources/values-pl/strings-pl.xml b/core/presentation/src/commonMain/composeResources/values-pl/strings-pl.xml
@@ -544,4 +544,6 @@
     <string name="translation_error_retry">Ponów</string>
     <string name="translated_from">Wykryto automatycznie: %1$s</string>
     <string name="select_language">Wybierz język</string>
+    <string name="update_package_mismatch">Niezgodność pakietu: APK to %1$s, ale zainstalowana aplikacja to %2$s. Aktualizacja zablokowana.</string>
+    <string name="update_signing_key_mismatch">Niezgodność klucza podpisu: aktualizacja została podpisana przez innego programistę. Aktualizacja zablokowana.</string>
 </resources>
diff --git a/core/presentation/src/commonMain/composeResources/values-ru/strings-ru.xml b/core/presentation/src/commonMain/composeResources/values-ru/strings-ru.xml
@@ -544,4 +544,6 @@
     <string name="translation_error_retry">Повторить</string>
     <string name="translated_from">Автоопределение: %1$s</string>
     <string name="select_language">Выбрать язык</string>
+    <string name="update_package_mismatch">Несоответствие пакета: APK — %1$s, но установленное приложение — %2$s. Обновление заблокировано.</string>
+    <string name="update_signing_key_mismatch">Несоответствие ключа подписи: обновление подписано другим разработчиком. Обновление заблокировано.</string>
 </resources>
diff --git a/core/presentation/src/commonMain/composeResources/values-tr/strings-tr.xml b/core/presentation/src/commonMain/composeResources/values-tr/strings-tr.xml
@@ -578,4 +578,6 @@
     <string name="translation_error_retry">Tekrar dene</string>
     <string name="translated_from">Otomatik algılanan: %1$s</string>
     <string name="select_language">Dil seçin</string>
+    <string name="update_package_mismatch">Paket uyumsuzluğu: APK %1$s, ancak yüklü uygulama %2$s. Güncelleme engellendi.</string>
+    <string name="update_signing_key_mismatch">İmza anahtarı uyumsuzluğu: güncelleme farklı bir geliştirici tarafından imzalanmış. Güncelleme engellendi.</string>
 </resources>
diff --git a/core/presentation/src/commonMain/composeResources/values-zh-rCN/strings-zh-rCN.xml b/core/presentation/src/commonMain/composeResources/values-zh-rCN/strings-zh-rCN.xml
@@ -543,4 +543,6 @@
     <string name="translation_error_retry">重试</string>
     <string name="translated_from">自动检测：%1$s</string>
     <string name="select_language">选择语言</string>
+    <string name="update_package_mismatch">包名不匹配：APK 为 %1$s，但已安装的应用为 %2$s。更新已阻止。</string>
+    <string name="update_signing_key_mismatch">签名密钥不匹配：更新由不同的开发者签名。更新已阻止。</string>
 </resources>
diff --git a/core/presentation/src/commonMain/composeResources/values/strings.xml b/core/presentation/src/commonMain/composeResources/values/strings.xml
@@ -581,4 +581,6 @@
     <string name="imported_apps_summary">Imported %1$d apps</string>
     <string name="imported_skipped">, %1$d skipped</string>
     <string name="imported_failed">, %1$d failed</string>
+    <string name="update_package_mismatch">Package mismatch: the APK is %1$s, but the installed app is %2$s. Update blocked.</string>
+    <string name="update_signing_key_mismatch">Signing key mismatch: the update was signed by a different developer. Update blocked.</string>
 </resources>
diff --git a/feature/details/presentation/src/commonMain/kotlin/zed/rainxch/details/presentation/DetailsViewModel.kt b/feature/details/presentation/src/commonMain/kotlin/zed/rainxch/details/presentation/DetailsViewModel.kt
@@ -61,6 +61,7 @@ import zed.rainxch.githubstore.core.presentation.res.link_copied_to_clipboard
 import zed.rainxch.githubstore.core.presentation.res.rate_limit_exceeded
 import zed.rainxch.githubstore.core.presentation.res.removed_from_favourites
 import zed.rainxch.githubstore.core.presentation.res.translation_failed
+import zed.rainxch.githubstore.core.presentation.res.update_package_mismatch
 import java.io.File
 import java.io.FileInputStream
 import java.security.MessageDigest
@@ -1117,6 +1118,28 @@ class DetailsViewModel(
                 return
             }
 
+            // Validate package name matches on updates
+            val trackedApp = _state.value.installedApp
+            if (isUpdate && trackedApp != null && apkInfo.packageName != trackedApp.packageName) {
+                logger.error("Package name mismatch on update: APK=${apkInfo.packageName}, installed=${trackedApp.packageName}")
+                _state.value = _state.value.copy(
+                    downloadStage = DownloadStage.IDLE,
+                    installError = getString(
+                        Res.string.update_package_mismatch,
+                        apkInfo.packageName,
+                        trackedApp.packageName,
+                    ),
+                )
+                currentAssetName = null
+                appendLog(
+                    assetName = assetName,
+                    size = sizeBytes,
+                    tag = releaseTag,
+                    result = Error("Package name mismatch"),
+                )
+                return
+            }
+
             val result =
                 checkFingerprints(
                     apkPackageInfo = apkInfo,
