Correctly identify Android APK/DEX files
The Janus bug for Android works by making a valid APK file that is also a valid DEX file. https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures Diffoscope sees these files as different file types, so there is no way to imspect the malware payload. Given this and the issues in file detection in #849782, there should be a way to force which kind of comparison that diffoscope does. Something like --force=apk would solve both. There are two example files attached.