Android: List Signing Certificate Hash to Let Users Verify the Downloaded APK

[deivpaukst]

Describe the feature you'd like to request

I'm downloading this app using Obtanium and so I would like to make sure that the app I install is indeed the correct one. To do so I use AppVerifier. To be able to check whether the app downloaded is indeed from the developer I would need the hash of the signing certificate used to sign the app.

It's slowly becoming a standard security practice to list the key's hash somewhere in your project for example: Thunderbird, Molly, AuroraStore, GeoShare.

Describe the solution you'd like

The hash would be listed preferably on an external site. Like the app's site, but it could also be listed on Github if the external site is not an option.

Describe alternatives you've considered

I've also considered getting the app from Google Play or just hoping that I have indeed acquired the app from the developer. Neither option really resolves the issue for me.

[github-actions]

Hello 👋

Thank you for taking the time to open this issue with floccus. I know it's frustrating when software
causes problems. You have made the right choice to come here and open an issue to make sure your problem gets looked at
and if possible solved.
I'm Marcel and I created floccus a few years ago, maintaining it ever since. I currently work for Nextcloud
which leaves me with less time for side projects like this one than I used to have.
I still try to answer all issues and if possible fix all bugs here, but it sometimes takes a while until I get to it.
Until then, please be patient.
Note also that GitHub is a place where people meet to make software better together. Nobody here is under any obligation
to help you, solve your problems or deliver on any expectations or demands you may have, but if enough people come together we can
collaborate to make this software better. For everyone.
Thus, if you can, you could also have a look at other issues to see whether you can help other people with your knowledge
and experience. If you have coding experience it would also be awesome if you could step up to dive into the code and
try to fix the odd bug yourself. Everyone will be thankful for extra helping hands!
To continue the development and maintenance of this project in a sustainable way I ask that you donate to the project when opening an issue
(or at least once your issue is solved), if you're not a donor already.
You can find donation options at https://floccus.org/donate/. Thank you!

One last word: If you feel, at any point, like you need to vent, this is not the place for it; you can go to the Nextcloud forum,
to twitter or somewhere else. But this is a technical issue tracker, so please make sure to
focus on the tech and keep your opinions to yourself.

I look forward to working with you on this issue
Cheers 💙

[marcelklehr]

Great idea!

[deivpaukst]

TYSM!

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.