The lead dev of Accrescent is a GrapheneOS user and contributor. It'll be a good place to publish apps especially for GrapheneOS users. AppVerifier, BeauTyXT (text editor) and Transcribro (private, on device voice recognition and keyboard) are from the same person who wrote our GrapheneOS Info app. Molly is a security-focused fork of Signal from another GrapheneOS user.
AppVerifier was based on a planned GrapheneOS feature for users to verify APK files based on their key fingerprint. The feature is currently stalled since relying on the clipboard isn't ideal. For now, users can use AppVerifier from Accrescent until we ship a built-in approach to this.
Would this be mainly to verify apks on first download? Am I correct in believing that updates are already automatically verified?
Yes, but it can also verify currently installed apps too.
Installing an app from an APK file is trust on first use. All apps are signed by a certificate from the app developer which the OS trusts. Apps can only update if it is both a newer version, and it is signed by the same certificate it came with.
Updates are verified by only allowing updates from that same developer's certificate. If it doesn't match, it will fail. This prevents installing a fake or malicious update.
AppVerifier checks the apps you installed are have the genuine certificate and package name from the developer. It can compare to keys you provide or it can check from an internal database of apps in the app if there is an entry for it.
DB can be found here: https://github.com/soupslurpr/AppVerifier/blob/master/app/src/main/kotlin/dev/soupslurpr/appverifier/InternalVerificationInfoDatabase.kt
Thank you this great reply! I very much appreciate GrapheneOS and all you do 🙏
I installed it, then installed articons. what's the first thing I see? Happy pride month. NOPE not going there. DELETE.
Same. When projects cram that woke cultural/identity Marxism crap down my throat I look elsewhere as much as possible.