List Signing Certificate Fingerprint to Let Users Verify the Downloaded APKs #10
Comments
|
Sounds reasonable, the website should automatically update in some minutes 👍 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature you'd like
I'd like to download multiple apps under the YouApps umbrella from their git repo releases using Obtanium and also I would like to make sure that the apps I install are indeed the correct ones. To do so I use AppVerifier. To be able to check whether the apps downloaded are indeed from the developer I would need the hashes of the signing certificates used to sign those apps.
The hashes would be listed preferably on an external site. Like the app's site, which is why I made the issue in the website's git repo, but it could also be listed on Github if the external site is not an option.
I've also considered getting the apps from f-droid or just hoping that I have indeed acquired the apps from the developer. Neither option really resolves the issue for me.
Additional context
It's slowly becoming a standard security practice to list the key's hash somewhere in your project for example: Thunderbird, Molly, AuroraStore, GeoShare.
The text was updated successfully, but these errors were encountered: