Investigate ways to be sure a measurement was uploaded from our app

[jasonccox]

We currently have no way to be sure that a measurement was uploaded from our app and not another app pretending to be CellWatch. Perhaps we could use the APK signature to verify this somehow? I'm not sure if third parties would be able to access the signature and just embed it in their app, though.

[jeremy303]

Necro-thread resurrection! An API key is required for FCC upload, correct?

@jasonccox @david-peeler

[jasonccox]

Yes, if you look at supabase/migrations/20240606192504_post_fcc_submission_func.sql in the CellWatch backend server repo, there is a private.post_fcc_submission function that will actually post to the server. There's a comment above that with instructions for inserting the required API credentials so it can be used.