
I got scared by seeing the Android docs' version of JarFile.getInputStream, which didn't mention SecurityException or the signature checking. But it seems that even though it's not in the Android docs, Android implements it the same as Java does. It is good to have these tests in place anyhow, since this is an essential piece of the security process of FDroid.

* http://docs.oracle.com/javase/6/docs/api/java/util/jar/JarFile.html#getInputStream(java.util.zip.ZipEntry)
* https://developer.android.com/reference/java/util/jar/JarFile.html#getInputStream(java.util.zip.ZipEntry)

refs #2627 https://dev.guardianproject.info/issues/2627
refs #2959 https://dev.guardianproject.info/issues/2959