Reword extra blocks

fdroidserver/scanner.py

@@ -75,14 +75,18 @@ GRADLE_CATALOG_FILE_REGEX = re.compile(
 )
 VERSION_CATALOG_REGEX = re.compile(r'versionCatalogs\s*\{')
 
-FROSTING_BLOCK_TYPES = {
+APK_SIGNING_BLOCK_IDS = {
-    # 0x7109871a: 'SIGNv2',
+    # https://source.android.com/docs/security/features/apksigning/v2#apk-signing-block
-    # 0xf05368c0: 'SIGNv3',
+    # 0x7109871a: 'APK signature scheme v2',
-    0x2146444E: 'Google metadata',
+    # https://source.android.com/docs/security/features/apksigning/v3#apk-signing-block
+    # 0xf05368c0: 'APK signature scheme v3',
+    # See "Security metadata in early 2018"
+    # https://android-developers.googleblog.com/2017/12/improving-app-security-and-performance.html
+    0x2146444E: 'Google Play Signature aka "Frosting"',
     # 0x42726577: 'Verity padding',
     # 0x6DFF800D: 'Source stamp V2 X509 cert',
     # JSON with some metadata, used by Chinese company Meituan
-    0x71777777: 'Meituan metadata',
+    0x71777777: 'Meituan payload',
     # Dependencies metadata generated by Gradle and encrypted by Google Play.
     # '...The data is compressed, encrypted by a Google Play signing key...'
     # https://developer.android.com/studio/releases/gradle-plugin#dependency-metadata
@@ -669,12 +673,14 @@ def scan_binary(apkfile):
                 logging.debug("Problem: found class '%s'" % classname)
                 problems += 1
 
-    logging.info(_('Scanning APK for known frosting blocks.'))
+    logging.info(_('Scanning APK for extra signing blocks.'))
     a = common.get_androguard_APK(str(apkfile))
     a.parse_v2_v3_signature()
     for b in a._v2_blocks:
-        if b in FROSTING_BLOCK_TYPES:
+        if b in APK_SIGNING_BLOCK_IDS:
-            logging.debug(f"Problem: found frosting block '{FROSTING_BLOCK_TYPES[b]}'")
+            logging.debug(
+                f"Problem: found extra signing block '{APK_SIGNING_BLOCK_IDS[b]}'"
+            )
             problems += 1
 
     if warnings: