v0.0.4
Bug Fixes
- AutoSealService now respects user privacy settings via Hilt-injected SettingsRepository
- Database schema export enabled for Room migration testing
- GPS redaction now re-signs manifest — signature stays valid after removing location data
Crypto Trust Anchors
- NTP timestamp anchoring via SNTP (time.google.com, pool.ntp.org fallback)
- Key attestation chain validated against 3 Google Root CAs (EC P-256, RSA 4096, EC P-384)
- Auto key regeneration when existing key lacks attestation extension
New Capabilities
- RFC 3161 TSA timestamps (DigiCert/Sectigo fallback, graceful offline degradation)
- Depth map integration in ScreenDetector (+25 pts for flat DEPTH16)
- Play Integrity API with fallback to existing root detection
Standards & Internationalization
- i18n: PT-BR, ES, FR, DE translations across all 7 modules
- C2PA Phase 1: CBOR serialization alongside JSON
- CAWG Phase 1: self-signed X.509 identity assertions
Tests
- 49+ new unit tests
Dependencies
- Bouncy Castle 1.78.1, Play Integrity 1.4.0, Jackson CBOR 2.17.0
Full Changelog: v0.0.3...v0.0.4