illogical-robot / apkmirror-public

APKMirror.com bugs
http://www.apkmirror.com

Regarding the different SHA1 signatures of software of the same version, #215

Closed joeing086 closed 2 years ago

joeing086 commented 2 years ago

Expected behavior

This file comes from: https://apkpure.com/cn/alipay/com.eg.android.AlipayGphone/variant/10.2.30.6427-APK

That file comes from: https://www.apkmirror.com/apk/alipay-com/alipay/alipay-10-2-30-6427-release/alipay-10-2-30-6427-android-apk-download/

Actual behavior

Steps to reproduce the problem

Please pay attention to the two download addresses. The SHA1 of the software with the same version number and the same variant is completely inconsistent, but the SHA1 of apkpure is exactly the same as the SHA1 I downloaded from Google Play, which makes me very worried. Please tell me the answer.

SeBsZ commented 2 years ago

It looks like you are comparing the SHA-1 of the certificate signature against the SHA-1 of the file. These are different and cannot be compared. Please see my screenshot, which shows the SHA-1s of the signatures are identical on apkmirror.com and apkpure.com: image

joeing086 commented 2 years ago

Thank you for your reply. I also think that the software signature has always been proved to be very secure, but why are the MD5, SHA-1, SHA-256 of the same version provided by the two websites completely different, while the MD5, SHA-1, SHA-256 provided by apkpure are exactly the same as what I extracted after downloading from the Google store? Can you explain the problem?

SeBsZ commented 2 years ago

The SHA-1 of version 421 is identical on both sites: image

The SHA-1 of version 422 is indeed different. There are many different variants and we don't always offer all of them for download on the website. In this case we picked another variant but it is absolutely safe to download and install.
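The distinction discussed in this thread (the digest of the APK file versus the digest of the signing certificate), as an added example that is not part of the original comments or of APKMirror's tooling. It assumes the APK carries a DER-encoded v1 (JAR) signature block under `META-INF/`; the helper names and the sample APKs are constructed for illustration, and APKs signed only with scheme v2 or later need `apksigner verify --print-certs` instead.

```python
import hashlib, io, zipfile

def tlv(tag, body):
    """DER-encode one element; used only to build the constructed sample."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    length = raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:                       # long form: next k bytes hold the length
        k = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    else:
        length = first
    return tag, pos, pos + length

def signer_cert_der(pkcs7):
    """Pull the first certificate out of a PKCS#7 SignedData block."""
    _, s, _ = read_tlv(pkcs7, 0)           # ContentInfo SEQUENCE
    _, _, e = read_tlv(pkcs7, s)           # contentType OID (signedData)
    _, s, _ = read_tlv(pkcs7, e)           # [0] EXPLICIT wrapper
    _, pos, end = read_tlv(pkcs7, s)       # SignedData SEQUENCE
    while pos < end:
        tag, vs, ve = read_tlv(pkcs7, pos)
        if tag == 0xA0:                    # certificates [0] IMPLICIT SET
            return pkcs7[vs:read_tlv(pkcs7, vs)[2]]
        pos = ve
    raise ValueError("no certificate in signature block")

def fingerprints(apk):
    """Return (SHA-1 of the whole file, SHA-1 of the signing certificate)."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        name = next(n for n in z.namelist() if n.startswith("META-INF/")
                    and n.upper().endswith((".RSA", ".DSA", ".EC")))
        cert = signer_cert_der(z.read(name))
    return hashlib.sha1(apk).hexdigest(), hashlib.sha1(cert).hexdigest()

def sample_apk(payload, sig):
    """Constructed stand-in APK: same publisher certificate, variant-specific content."""
    cert = tlv(0x30, b"constructed stand-in for an X.509 certificate")
    signed = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, b"") + tlv(0x30, b"")
                 + tlv(0xA0, cert) + tlv(0x31, sig))
    p7 = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010702")) + tlv(0xA0, signed))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", payload)
        z.writestr("META-INF/CERT.RSA", p7)
    return buf.getvalue()
```

Calling `fingerprints()` on two variants built with `sample_apk()` gives different file digests and the same certificate digest, which is the comparison to make when checking that two downloads come from the same publisher.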