feat: implement signing key verification and warning dialogs

- Add `SigningKeyWarning` model and update `DetailsState` to handle certificate mismatch scenarios
- Implement a warning dialog in `DetailsRoot` that displays expected vs. actual fingerprints when a signing key change is detected
- Add `OnDismissSigningKeyWarning` and `OnOverrideSigningKeyWarning` actions to `DetailsViewModel` to allow users to bypass the warning
- Update `AutoUpdateWorker` to block automatic updates if the APK signing key has changed
- Enhance `DetailsViewModel` to extract and verify APK package info/fingerprints before installation
- Include the app's own SHA-256 fingerprint when saving its installation state in `GithubStoreApp`
- Bump database version to 5 and add migration `MIGRATION_4_5`
- Add localized string resources for signing key change titles, messages, and override actions
- Minor cleanup of string concatenation logic in `AppsViewModel`

Author: rainxchzed

composeApp/src/androidMain/kotlin/zed/rainxch/githubstore/app/GithubStoreApp.kt

@@ -144,6 +144,7 @@ class GithubStoreApp : Application() {
                         isPendingInstall = false,
                         installedVersionName = versionName,
                         installedVersionCode = versionCode,
+                        signingFingerprint = SELF_SHA256_FINGERPRINT,
                     )
 
                 repo.saveInstalledApp(selfApp)
@@ -156,6 +157,9 @@ class GithubStoreApp : Application() {
 
     companion object {
         private const val SELF_REPO_ID = 1101281251L
+        private const val SELF_SHA256_FINGERPRINT =
+            @Suppress("ktlint:standard:max-line-length")
+            "B7:F2:8E:19:8E:48:C1:93:B0:38:C6:5D:92:DD:F7:BC:07:7B:0D:B5:9E:BC:9B:25:0A:6D:AC:48:C1:18:03:CA"
         private const val SELF_REPO_OWNER = "OpenHub-Store"
         private const val SELF_REPO_NAME = "GitHub-Store"
         private const val SELF_AVATAR_URL =

core/data/src/androidMain/kotlin/zed/rainxch/core/data/local/db/initDatabase.kt

@@ -6,6 +6,7 @@ import kotlinx.coroutines.Dispatchers
 import zed.rainxch.core.data.local.db.migrations.MIGRATION_1_2
 import zed.rainxch.core.data.local.db.migrations.MIGRATION_2_3
 import zed.rainxch.core.data.local.db.migrations.MIGRATION_3_4
+import zed.rainxch.core.data.local.db.migrations.MIGRATION_4_5
 
 fun initDatabase(context: Context): AppDatabase {
     val appContext = context.applicationContext
@@ -19,5 +20,6 @@ fun initDatabase(context: Context): AppDatabase {
             MIGRATION_1_2,
             MIGRATION_2_3,
             MIGRATION_3_4,
+            MIGRATION_4_5,
         ).build()
 }

core/data/src/androidMain/kotlin/zed/rainxch/core/data/services/AutoUpdateWorker.kt

@@ -155,6 +155,21 @@ class AutoUpdateWorker(
                 ?: throw IllegalStateException("Failed to extract APK info for ${app.appName}")
 
         val currentApp = installedAppsRepository.getAppByPackage(app.packageName)
+
+        // TOFU: Block auto-update if signing key changed
+        if (currentApp != null &&
+            currentApp.signingFingerprint != null &&
+            apkInfo.signingFingerprint != null &&
+            currentApp.signingFingerprint != apkInfo.signingFingerprint
+        ) {
+            Logger.e {
+                "AutoUpdateWorker: Signing key mismatch for ${app.appName}! " +
+                    "Expected: ${currentApp.signingFingerprint}, got: ${apkInfo.signingFingerprint}. " +
+                    "Skipping auto-update."
+            }
+            throw IllegalStateException("Signing key changed for ${app.appName}, blocking auto-update")
+        }
+
         if (currentApp != null) {
             installedAppsRepository.updateApp(
                 currentApp.copy(

core/data/src/commonMain/kotlin/zed/rainxch/core/data/local/db/AppDatabase.kt

@@ -21,7 +21,7 @@ import zed.rainxch.core.data.local.db.entities.UpdateHistoryEntity
         StarredRepositoryEntity::class,
         CacheEntryEntity::class,
     ],
-    version = 4,
+    version = 5,
     exportSchema = true,
 )
 abstract class AppDatabase : RoomDatabase() {

core/presentation/src/commonMain/composeResources/values/strings.xml

@@ -204,6 +204,9 @@
     <string name="downgrade_requires_uninstall">Downgrade requires uninstall</string>
     <string name="downgrade_warning_message">Installing version %1$s requires uninstalling the current version (%2$s) first. Your app data will be lost.</string>
     <string name="uninstall_first">Uninstall first</string>
+    <string name="signing_key_changed_title">Signing key changed</string>
+    <string name="signing_key_changed_message">The signing certificate for this app has changed since it was first installed.\n\nThis could mean the developer rotated their signing key, or the binary may have been tampered with.\n\nExpected: %1$s\nReceived: %2$s</string>
+    <string name="install_anyway">Install anyway</string>
     <string name="install_version">Install %1$s</string>
     <string name="failed_to_open_app">Failed to open %1$s</string>
     <string name="failed_to_uninstall">Failed to uninstall %1$s</string>

feature/apps/presentation/src/commonMain/kotlin/zed/rainxch/apps/presentation/AppsViewModel.kt

@@ -856,12 +856,8 @@ class AppsViewModel(
             _events.send(
                 AppsEvent.ShowSuccess(
                     "Imported ${result.imported} apps" +
-                        if (result.skipped > 0) {
-                            ", ${result.skipped} skipped"
-                        } else {
-                            "" +
-                                if (result.failed > 0) ", ${result.failed} failed" else ""
-                        },
+                        (if (result.skipped > 0) ", ${result.skipped} skipped" else "") +
+                        (if (result.failed > 0) ", ${result.failed} failed" else ""),
                 ),
             )
         } catch (e: Exception) {

feature/details/presentation/src/commonMain/kotlin/zed/rainxch/details/presentation/DetailsAction.kt

@@ -13,6 +13,10 @@ sealed interface DetailsAction {
 
     data object OnDismissDowngradeWarning : DetailsAction
 
+    data object OnDismissSigningKeyWarning : DetailsAction
+
+    data object OnOverrideSigningKeyWarning : DetailsAction
+
     data object UninstallApp : DetailsAction
     data object OnRequestUninstall : DetailsAction
     data object OnDismissUninstallConfirmation : DetailsAction

feature/details/presentation/src/commonMain/kotlin/zed/rainxch/details/presentation/DetailsRoot.kt

@@ -76,6 +76,9 @@ import zed.rainxch.githubstore.core.presentation.res.Res
 import zed.rainxch.githubstore.core.presentation.res.add_to_favourites
 import zed.rainxch.githubstore.core.presentation.res.cancel
 import zed.rainxch.githubstore.core.presentation.res.confirm_uninstall_message
+import zed.rainxch.githubstore.core.presentation.res.install_anyway
+import zed.rainxch.githubstore.core.presentation.res.signing_key_changed_message
+import zed.rainxch.githubstore.core.presentation.res.signing_key_changed_title
 import zed.rainxch.githubstore.core.presentation.res.confirm_uninstall_title
 import zed.rainxch.githubstore.core.presentation.res.dismiss
 import zed.rainxch.githubstore.core.presentation.res.downgrade_requires_uninstall
@@ -192,6 +195,53 @@ fun DetailsRoot(
         )
     }
 
+    // Signing key changed warning dialog
+    state.signingKeyWarning?.let { warning ->
+        AlertDialog(
+            onDismissRequest = {
+                viewModel.onAction(DetailsAction.OnDismissSigningKeyWarning)
+            },
+            title = {
+                Text(
+                    text = stringResource(Res.string.signing_key_changed_title),
+                )
+            },
+            text = {
+                Text(
+                    text =
+                        stringResource(
+                            Res.string.signing_key_changed_message,
+                            warning.expectedFingerprint.take(19),
+                            warning.actualFingerprint.take(19),
+                        ),
+                )
+            },
+            confirmButton = {
+                TextButton(
+                    onClick = {
+                        viewModel.onAction(DetailsAction.OnOverrideSigningKeyWarning)
+                    },
+                ) {
+                    Text(
+                        text = stringResource(Res.string.install_anyway),
+                        color = MaterialTheme.colorScheme.error,
+                    )
+                }
+            },
+            dismissButton = {
+                TextButton(
+                    onClick = {
+                        viewModel.onAction(DetailsAction.OnDismissSigningKeyWarning)
+                    },
+                ) {
+                    Text(
+                        text = stringResource(Res.string.cancel),
+                    )
+                }
+            },
+        )
+    }
+
     // Uninstall confirmation dialog
     if (state.showUninstallConfirmation) {
         val appName = state.installedApp?.appName ?: ""

feature/details/presentation/src/commonMain/kotlin/zed/rainxch/details/presentation/DetailsState.kt

@@ -9,6 +9,7 @@ import zed.rainxch.core.domain.model.SystemArchitecture
 import zed.rainxch.details.domain.model.ReleaseCategory
 import zed.rainxch.details.domain.model.RepoStats
 import zed.rainxch.details.presentation.model.DowngradeWarning
+import zed.rainxch.details.presentation.model.SigningKeyWarning
 import zed.rainxch.details.presentation.model.DownloadStage
 import zed.rainxch.details.presentation.model.InstallLogItem
 import zed.rainxch.details.presentation.model.TranslationState
@@ -59,6 +60,7 @@ data class DetailsState(
     val deviceLanguageCode: String = "en",
     val isComingFromUpdate: Boolean = false,
     val downgradeWarning: DowngradeWarning? = null,
+    val signingKeyWarning: SigningKeyWarning? = null,
     val showExternalInstallerPrompt: Boolean = false,
     val pendingInstallFilePath: String? = null,
     val showUninstallConfirmation: Boolean = false,

feature/details/presentation/src/commonMain/kotlin/zed/rainxch/details/presentation/DetailsViewModel.kt

@@ -47,6 +47,7 @@ import zed.rainxch.details.presentation.model.DownloadStage
 import zed.rainxch.details.presentation.model.InstallLogItem
 import zed.rainxch.details.presentation.model.LogResult
 import zed.rainxch.details.presentation.model.LogResult.Error
+import zed.rainxch.details.presentation.model.SigningKeyWarning
 import zed.rainxch.details.presentation.model.SupportedLanguages
 import zed.rainxch.details.presentation.model.TranslationState
 import zed.rainxch.githubstore.core.presentation.res.Res
@@ -361,6 +362,55 @@ class DetailsViewModel(
                 }
             }
 
+            DetailsAction.OnDismissSigningKeyWarning -> {
+                _state.update {
+                    it.copy(
+                        signingKeyWarning = null,
+                        downloadStage = DownloadStage.IDLE,
+                    )
+                }
+                currentAssetName = null
+            }
+
+            DetailsAction.OnOverrideSigningKeyWarning -> {
+                val warning = _state.value.signingKeyWarning ?: return
+                _state.update { it.copy(signingKeyWarning = null) }
+                viewModelScope.launch {
+                    try {
+                        val ext = warning.pendingAssetName.substringAfterLast('.', "").lowercase()
+                        installer.install(warning.pendingFilePath, ext)
+
+                        if (platform == Platform.ANDROID) {
+                            saveInstalledAppToDatabase(
+                                assetName = warning.pendingAssetName,
+                                assetUrl = warning.pendingDownloadUrl,
+                                assetSize = warning.pendingSizeBytes,
+                                releaseTag = warning.pendingReleaseTag,
+                                isUpdate = warning.pendingIsUpdate,
+                                filePath = warning.pendingFilePath,
+                            )
+                        }
+
+                        _state.value = _state.value.copy(downloadStage = DownloadStage.IDLE)
+                        currentAssetName = null
+                        appendLog(
+                            assetName = warning.pendingAssetName,
+                            size = warning.pendingSizeBytes,
+                            tag = warning.pendingReleaseTag,
+                            result = if (warning.pendingIsUpdate) LogResult.Updated else LogResult.Installed,
+                        )
+                    } catch (t: Throwable) {
+                        logger.error("Install after override failed: ${t.message}")
+                        _state.value =
+                            _state.value.copy(
+                                downloadStage = DownloadStage.IDLE,
+                                installError = t.message,
+                            )
+                        currentAssetName = null
+                    }
+                }
+            }
+
             DetailsAction.InstallPrimary -> {
                 val primary = _state.value.primaryAsset
                 val release = _state.value.selectedRelease
@@ -1012,6 +1062,8 @@ class DetailsViewModel(
                         sizeBytes = sizeBytes,
                         releaseTag = releaseTag,
                     )
+                } catch (e: kotlinx.coroutines.CancellationException) {
+                    throw e
                 } catch (t: Throwable) {
                     logger.error("Install failed: ${t.message}")
                     t.printStackTrace()
@@ -1040,39 +1092,63 @@ class DetailsViewModel(
         releaseTag: String,
     ) {
         _state.value = _state.value.copy(downloadStage = DownloadStage.INSTALLING)
-        val apkInfo = installer.getApkInfoExtractor().extractPackageInfo(filePath)
-        if (apkInfo != null) {
-            ApkPackageInfo(
-                packageName = apkInfo.packageName,
-                appName = apkInfo.appName,
-                versionName = apkInfo.versionName,
-                versionCode = apkInfo.versionCode,
-                signingFingerprint = apkInfo.signingFingerprint,
-            )
-        } else {
-            logger.error("Failed to extract APK info for $assetName")
-        }
 
-        apkInfo?.let {
+        val ext = assetName.substringAfterLast('.', "").lowercase()
+        val isApk = ext == "apk"
+
+        if (isApk) {
+            val apkInfo = installer.getApkInfoExtractor().extractPackageInfo(filePath)
+            if (apkInfo == null) {
+                logger.error("Failed to extract APK info for $assetName")
+                _state.value = _state.value.copy(
+                    downloadStage = DownloadStage.IDLE,
+                    installError = "Failed to verify APK package info",
+                )
+                currentAssetName = null
+                appendLog(
+                    assetName = assetName,
+                    size = sizeBytes,
+                    tag = releaseTag,
+                    result = Error("Failed to extract APK info"),
+                )
+                return
+            }
+
             val result =
                 checkFingerprints(
                     apkPackageInfo = apkInfo,
                 )
 
             result
                 .onFailure {
+                    val existingApp =
+                        installedAppsRepository.getAppByPackage(apkInfo.packageName)
+                    _state.update { state ->
+                        state.copy(
+                            signingKeyWarning =
+                                SigningKeyWarning(
+                                    packageName = apkInfo.packageName,
+                                    expectedFingerprint = existingApp?.signingFingerprint ?: "",
+                                    actualFingerprint = apkInfo.signingFingerprint ?: "",
+                                    pendingDownloadUrl = downloadUrl,
+                                    pendingAssetName = assetName,
+                                    pendingSizeBytes = sizeBytes,
+                                    pendingReleaseTag = releaseTag,
+                                    pendingIsUpdate = isUpdate,
+                                    pendingFilePath = filePath,
+                                ),
+                        )
+                    }
                     appendLog(
                         assetName = assetName,
                         size = sizeBytes,
                         tag = releaseTag,
-                        result = Error("Fingerprints does not match!"),
+                        result = Error("Signing key changed"),
                     )
-
                     return
                 }
         }
 
-        val ext = assetName.substringAfterLast('.', "").lowercase()
         installer.install(filePath, ext)
 
         if (platform == Platform.ANDROID) {