GitHub - TGX-Android/Telegram-X: The main repository of Telegram X — official alternative Telegram client for Android. (original) (raw)

Telegram X — a slick experimental Telegram client based on TDLib.

Telegram X

This is the complete source code and the build instructions for the official alternative Android client for the Telegram messenger, based on the Telegram API and the MTProto secure protocol via TDLib.

Build instructions

Prerequisites

macOS

Ubuntu

Windows

Building

  1. $ git clone --recursive --depth=1 --shallow-submodules https://github.com/TGX-Android/Telegram-X tgx — clone Telegram X with submodules
  2. In case you forgot the --recursive flag, cd into tgx directory and: $ git submodule init && git submodule update --init --recursive --depth=1
  3. Create keystore.properties file outside of source tree with the following properties:
    keystore.file: absolute path to the keystore file
    keystore.password: password for the keystore
    key.alias: key alias that will be used to sign the app
    key.password: key password.
    Warning: keep this file safe and make sure nobody, except you, has access to it. For production builds one could use a separate user with home folder encryption to avoid harm from physical theft
  4. $ cd tgx
  5. Run $ scripts/./setup.sh and follow up the instructions
  6. If you specified package name that's different from the one Telegram X uses, setup Firebase and replace google-services.json with the one that's suitable for the app.id you need
  7. Now you can open the project using Android Studio or build manually from the command line: ./gradlew assembleUniversalRelease.

Available flavors

Quick setup for development

If you are developing a contribution to the project, you may follow the simpler building steps:

  1. $ git clone --recursive https://github.com/TGX-Android/Telegram-X tgx
  2. $ cd tgx
  3. Obtain Telegram API credentials
  4. Create local.properties file in the root project folder using any text editor:

Location where you have Android SDK installed

sdk.dir=YOUR_ANDROID_SDK_FOLDER

Telegram API credentials obtained at previous step

telegram.api_id=YOUR_TELEGRAM_API_ID
telegram.api_hash=YOUR_TELEGRAM_API_HASH 5. Run $ scripts/./setup.sh — this will download required Android SDK packages and build native dependencies that aren't part of project's CMakeLists.txt 6. Open and build project via Android Studio or by using one of ./gradlew assemble commands in terminal

After submitting a pull request and its initial review, special build including your contribution will be published in @tgx_prs channel, where it can be tested by the community. In case any issues or bugs found, you may push more commits to an existing PR that address them and request to publish a newer build by using comments section of pull request or in @tgx_dev chat.

Reproducing public builds

In order to verify that there is no additional source code injected inside official APKs, you must use Ubuntu 21.04 for builds published before 26th May 2023 or Ubuntu 22.04.2 LTS for any newer releases, and comply with the following requirements:

  1. Create user called vk with the home directory located at /home/vk
  2. Clone tgx repository to /home/vk/tgx
  3. Check out the specific commit you want to verify
  4. In rare cases of builds that include unmerged pull requests, you must follow actions performed by Publisher's fetchPr and squashPr tasks
  5. cd into tgx folder and install dependencies: # apt install $(cat reproducible-builds/dependencies.txt)
  6. Follow up the build instruction from the previous section
  7. Run $ apkanalyzer apk compare --different-only <remote-apk> <reproduced-apk>
  8. If only signature files and metadata differ, build reproduction is successful.

In future build reproduction might become easier. Here's a list of related PR-welcome TODOs:

PS: Docker is not considered an option, as it just hides away these tasks, and requires that all published APKs must be built using it.

Verifying side-loaded APKs

If you downloaded Telegram X APK from somewhere and would like to simply verify whether it's an original APK without any injected malicious source code, you need to get checksum (SHA-256, SHA-1 or MD5) of the downloaded APK file and find whether it corresponds to any known Telegram X version.

In order to obtain SHA-256 of the APK:

Once obtained, there are three ways to find out the commit for the specific checksum:

License

Telegram X is licensed under the terms of the GNU General Public License v3.0.

For more information, see LICENSE file.

License of components and third-party dependencies it relies on might differ, check LICENSE file in the corresponding folder.

Third-party dependencies

List of third-party components used in Telegram X can be found here. Additionally you can check the specific commit of the third-party component used, for example, here and here.

Contributions

Telegram X welcomes contributions. Check out pull request template and guide for contributors to learn more about Telegram X internals before creating the first pull request.

If you are a regular user and experience a problem with Telegram X, the best place to look for solution is Telegram X chat — a community with over 4 thousand members. Please do not use this repository to ask questions: if you have general issue with Telegram, refer to FAQ or contact Telegram Support.