• jbk@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        That’s why Android apps must be signed. Tools can show an app’s certificate hash and if two app versions’ hashes match, they’re equally trustworthy / from the same source. I think APKMirror does this and it’s actually quite trusthworthy.