List Signing Certificate Fingerprint to Let Users Verify the Downloaded APK #1570

Open
KaiserCalm opened this issue Jan 31, 2025 · 0 comments
Labels
enhancement New feature or request

Describe the feature you'd like
I'm downloading this app using Obtainium, and so I would like to make sure that the app I install is indeed the correct one. To do so I use AppVerifier. To be able to check whether the app downloaded is indeed from the developer, I would need the hash of the signing certificate used to sign the app.

The hash would preferably be listed on an external site, like the app's site, but it could also be listed on GitHub if the external site is not an option.

I've also considered getting the app from Google Play or just hoping that I have indeed acquired the app from the developer. Neither option really resolves the issue for me.

Additional context
It's slowly becoming a standard security practice to list the key's hash somewhere in your project, for example: Thunderbird, Molly, AuroraStore, GeoShare.

KaiserCalm added the enhancement label Jan 31, 2025
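
The check the issue asks to enable, as an added example that is not part of the issue or of the project's code: it pulls the signing certificate out of an APK's v2/v3 APK Signing Block and compares its SHA-256 with a published fingerprint. The function names are hypothetical, and it assumes the published value is the SHA-256 of the DER-encoded certificate of the first signer; it extracts the certificate but does not validate the signature itself.

```python
import hashlib
import struct

MAGIC = b"APK Sig Block 42"
SCHEME_IDS = (0x7109871A, 0xF05368C0)  # APK Signature Scheme v2 and v3

def _field(buf, pos=0):
    """Read one uint32-length-prefixed field; return (bytes, next offset)."""
    (n,) = struct.unpack_from("<I", buf, pos)
    if pos + 4 + n > len(buf):
        raise ValueError("length prefix runs past its container")
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def signing_cert_sha256(apk: bytes) -> str:
    """SHA-256 (hex) of the first signer's first certificate."""
    eocd = apk.rfind(b"PK\x05\x06")  # ZIP end-of-central-directory record
    if eocd < 0 or eocd + 22 > len(apk):
        raise ValueError("not a ZIP archive")
    (cd,) = struct.unpack_from("<I", apk, eocd + 16)  # central directory offset
    # The signing block sits directly before the central directory.
    if cd < 32 or apk[cd - 16:cd] != MAGIC:
        raise ValueError("no APK Signing Block (v1-only or unsigned)")
    (size,) = struct.unpack_from("<Q", apk, cd - 24)
    pos, end = cd - size, cd - 24  # span holding the ID-value pairs
    if pos < 8:
        raise ValueError("corrupt signing block size")
    while pos + 12 <= end:
        length, pair_id = struct.unpack_from("<QI", apk, pos)
        value = apk[pos + 12:pos + 8 + length]
        pos += 8 + length
        if pair_id in SCHEME_IDS:
            signer, _ = _field(_field(value)[0])  # first signer in the list
            signed_data, _ = _field(signer)
            _digests, nxt = _field(signed_data)   # skip the digests list
            certs, _ = _field(signed_data, nxt)
            return hashlib.sha256(_field(certs)[0]).hexdigest()
    raise ValueError("no v2/v3 signer found")

def matches_published(apk: bytes, published: str) -> bool:
    """Compare with a fingerprint as projects list it (colons, any case)."""
    wanted = "".join(c for c in published.lower() if c in "0123456789abcdef")
    return len(wanted) == 64 and wanted == signing_cert_sha256(apk)

if __name__ == "__main__":
    import sys  # usage: python check_apk.py app.apk PUBLISHED_FINGERPRINT
    if len(sys.argv) == 3:
        data = open(sys.argv[1], "rb").read()
        print(signing_cert_sha256(data), matches_published(data, sys.argv[2]))
```

A match only shows which certificate the APK claims; `apksigner verify --print-certs` from the Android SDK build tools also checks that the signature over the file is valid.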