Open grrrrr opened 1 month ago
Hash is available on GitHub releases https://github.com/organicmaps/organicmaps/releases/tag/2024.07.27-8-android
Different hash. The one on the releases page is the hash of the specific apk.
I'm talking about the hash of your signing keys, to verify that it is properly signed
I'm essentially trying to add an additional layer of security and make [this process](https://developer.android.com/tools/apksigner#examples-verify) as seamless as possible for users who install the apk from the releases page or by fetching it with Obtainium
On Android, you can use AppVerifier to confirm if an apk was signed by the owners or an untrusted key (as well as other methods). This can be combined with Obtainium to check at install time.
The hashes could be published in a number of places for additional trust. e.g
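The check discussed in this thread, as an added example that is not part of the thread or the project's own code: compare the signing-certificate SHA-256 digest printed by `apksigner verify --print-certs` against a published fingerprint. The function names, the single-signer policy and the digest values in `SAMPLE_OUTPUT` are constructed for illustration; the real fingerprint would have to come from the project.

```shell
#!/bin/sh
# Constructed sample of `apksigner verify --print-certs` output (not a real certificate).
SAMPLE_OUTPUT='Signer #1 certificate DN: CN=Example Signer
Signer #1 certificate SHA-256 digest: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Signer #1 certificate SHA-1 digest: 0123456789abcdef0123456789abcdef01234567'

# Fingerprints are published in different shapes (lowercase hex, or uppercase
# with colons). Strip separators and lowercase before comparing.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Read apksigner output on stdin and print only the SHA-256 certificate digests.
# The SHA-1 and MD5 lines are ignored on purpose.
signer_digests() {
    sed -n 's/^Signer #[0-9]* certificate SHA-256 digest: \([0-9A-Fa-f]*\).*$/\1/p'
}

# check_pinned <expected-fingerprint>   (apksigner output on stdin)
# Returns 0 on match, 1 on mismatch, 2 if there is not exactly one signer
# (assumed policy for this example: anything but a single signer is refused).
check_pinned() {
    expected=$(normalize_fp "$1")
    digests=$(signer_digests)
    count=$(printf '%s\n' "$digests" | grep -c . || true)
    [ "$count" -eq 1 ] || return 2
    [ "$(normalize_fp "$digests")" = "$expected" ] || return 1
    return 0
}

# verify_apk <file.apk> <expected-fingerprint>
# Returns 3 if apksigner itself rejects the signature, so a failed
# verification can never be mistaken for a fingerprint match.
verify_apk() {
    out=$(apksigner verify --print-certs "$1") || return 3
    printf '%s\n' "$out" | check_pinned "$2"
}
```

The file hash on the releases page and this certificate digest answer different questions: the first identifies one specific apk, the second identifies the key that signed it and stays the same across releases.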