How can users confidently verify that a FOSS application is running from its published source code? Is there a easy way to check this, or is this based of checksum and hashes?

  • @pexavc
    link
    1
    edit-2
    1 year ago

    When it comes to iOS, Here’s a cool guide for reverse engineering .ipas. https://github.com/ivRodriguezCA/RE-iOS-Apps . I would think applying a sort of comparison of the static analysis with a published app against the compiled repos version would be a possible first step