On Android, you can use AppVerifier to confirm if an apk was signed by the owners or an untrusted key (as well as other methods). This can be combined with Obtanium to check at install time.
The hashes could be published in a number of places for additional trust. e.g
blog post
gpg signed download
mastodon / twitter /...
Github
Why do you want this feature?
Allows for an additional layer of certainty being able to easily check that the apk is legitimately signed
Checklist
Feature description
On Android, you can use AppVerifier to confirm if an apk was signed by the owners or an untrusted key (as well as other methods). This can be combined with Obtanium to check at install time.
The hashes could be published in a number of places for additional trust. e.g
Why do you want this feature?
Allows for an additional layer of certainty being able to easily check that the apk is legitimately signed
Additional information
tangentially related to #5469