Edge Wallet v4.30.0 Not Reproducible from Tag v4.30.0 - WalletScrutiny.com #5647
Description
Hi Edge team 👋,
We’ve recently attempted to verify the reproducibility of the APK for Edge Wallet v4.30.0 (co.edgesecure.app) using your published source code at tag v4.30.0, and while the version metadata matched, the resulting APKs showed significant binary-level differences.
🔍 Summary
Official APK versionCode/versionName: 25062409 / 4.30.0
Tag used: v4.30.0
Commit checked out: cc0bb81
Build environment: Dockerized build using Android SDK, Node, and Gradle
Comparison tools: apktool, aapt, diffoscope
❌ Key Differences
Although both the Play Store APK and the local build used the same tag and version code:
Sentry dependencies in the Play APK are at version 7.22.5, while the tag currently pulls in 8.12.0.
Kotlin version has also changed (1.8.22 → 1.9.24).
All .dex files and native .so libraries differ.
index.android.bundle and resources.arsc files are not byte-for-byte identical.
We suspect the tag v4.30.0 may have been force-pushed or updated since the Play APK was built, resulting in this drift.
📎 Full Report
The full reproducibility report and recursive diff are available for reference:
walletscrutiny.com verification
We’d be happy to collaborate further if needed. Thank you for maintaining open-source transparency, and please let us know if there’s a fixed tag or SHA we should be using for a fully verifiable build.
Best regards,
Daniel Andrei R. Garcia
WalletScrutiny.com Verifier
GPG: AFA5A2208F9DE1CF