@vikrantnyc I think Cake should:
- fix the `getEncryptionKey()` issue;
- publish or commit the generated `secure_storage.dart`;
- publish reproducible Android build instructions;
- publish independent rebuild logs showing APKs match source.
After the xz backdoor we cannot rely on trust.
@IntCyberDigest I could not find public evidence that Cake Wallet mobile apps have reproducible builds. Signed APKs and hashes prove the APK came from Cake, but not that it matches the reviewed source. Vik has dismissed any criticism of this. Cake app has audit gaps.