android: update p4a ref

SomberNight · SomberNight · commit af18df10f6fc · 2024-10-14T16:07:55.000Z
- to include spesmilo/python-for-android@d4432ec see #9215 (comment) - and add a fixme to revisit apkdiff re horrors beyond my comprehension
diff --git a/contrib/android/Dockerfile b/contrib/android/Dockerfile
@@ -190,7 +190,7 @@ RUN cd /opt \
     && /opt/venv/bin/python3 -m pip install --no-build-isolation --no-dependencies -e .
 
 # install python-for-android
-ENV P4A_CHECKOUT_COMMIT="7197c1c28409fbeebd8494093349a2bfd770526a"
+ENV P4A_CHECKOUT_COMMIT="d4432ec8d07b8521465d6daddd55046fc0413599"
 # ^ from branch electrum_20240930 (note: careful with force-pushing! see #8162)
 RUN cd /opt \
     && git clone https://github.com/spesmilo/python-for-android \
diff --git a/contrib/android/apkdiff.py b/contrib/android/apkdiff.py
@@ -4,6 +4,14 @@
 import sys
 from zipfile import ZipFile
 
+
+# FIXME it is possible to hide data in the apk signing block - and then the application
+#       can introspect itself at runtime and access that, even execute it as code... :/
+#       see https://source.android.com/docs/security/features/apksigning/v2#apk-signing-block
+#           https://android.izzysoft.de/articles/named/iod-scan-apkchecks
+#           https://github.com/obfusk/sigblock-code-poc
+#       I think if the app did this kind of introspection, that should be caught by code review,
+#       but still, note that with this current diff script it is possible to smuggle data in the apk.
 class ApkDiff:
     IGNORE_FILES = ["META-INF/MANIFEST.MF", "META-INF/CERT.RSA", "META-INF/CERT.SF"]
 
