Oddbean

also, the app and database are still growing and most apps don't publish hashes. here's what the dev had to say... --- In reply to (redacted):matrix.org thanks for all the great work on this. some apps have green checkmark, others dont; is there anything us users can do to help get more apps checked? Yes, please read https://github.com/soupslurpr/AppVerifier/blob/master/CONTRIBUTING.md and if you can, it would be appreciated to contribute directly to the internal verification info database in code so it is easier for me to review and merge as I don't have to write that part myself, only cross-verify. > <@(redacted):matrix.org> perfect so just to make sure i understand whats goin on... the database includes a signing key hash taken from an app's website or github or whatever to later compare to the file, is that correct? The app is installed from all the sources it is available on and the verification info is viewed and exported using AppVerifier. Most apps don't publish hashes. --- until then we can try to verify by checking the apk site or repo for the hash signature for the apps we have and paste that into the appropriate app in appverifier or download different apps from the same developer and compare their hashes. please note most apps don't publish hashes and the same app on google play, f-droid, and direct from dev apk can have different hash signatures etc