sosauce / CuteCalc

CuteCalc is a simple, lightweight and open-source calculator app for Android.
GNU General Public License v3.0

Add App Signing Certificate SHA-256 Hash to README #77

Open NarwhalPrince opened 10 hours ago

NarwhalPrince commented 10 hours ago

I would like to request that the app signing certificate SHA-256 hash be added to the GitHub README for this project. This would greatly assist with verifying the authenticity of APKs downloaded from non-trusted sources, such as directly from GitHub or other websites, compared to trusted sources like the Google Play Store or Accrescent.

By including this information, users can easily use tools like AppVerifier to confirm the APK's authenticity before installation.

Thank you for considering this request!

sosauce commented 5 hours ago

Hello, I've added the SHA-256 hash using this video: https://www.youtube.com/watch?v=xq_CxyqssiA since it's my first time dealing with SHA-256 hashes. I'd also like to note that CuteApps are NOT officially available on the Google Play Store, only GitHub and IzzyOnDroid. Tell me if there are any problems!

NarwhalPrince commented 4 hours ago

Hey! Thanks for doing that. It doesn't look like it matches what I'm getting. Can you try using the apksigner tool with the --print-certs option? https://developer.android.com/tools/apksigner#usage-verify

Also, is there anywhere else (e.g. a website) where you can have the hash posted?

The use case for this isn't for apps hosted on the Play Store, it is for obtaining apps from sources without a chain of trust. This allows us to mitigate issues with trust on first use (TOFU).

sosauce commented 4 hours ago

Signer #1 certificate SHA-256 digest: fd2d95cdb348b2f1aebedbab879ced737385ee13c305a139d6580d4cf2c0d65a

This is what I got with apksigner, is this what you also get? I have my website: https://sosauce.github.io/ Would it be okay to put the hashes here?
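The check the thread is describing (pin the signer certificate's SHA-256 from a trusted channel, then compare it against the certificate inside an APK fetched from an untrusted one) can be done with standard-library Python. This is an added example, not code from the CuteCalc project or from either participant. It reads the JAR-style (v1) signature block `META-INF/*.RSA`, walks the PKCS#7 structure just far enough to pull out the DER-encoded certificate, hashes it, and compares the result against the published fingerprint in constant time. The fingerprint apksigner prints is the SHA-256 of that DER certificate; keytool prints the same digest as uppercase colon-separated hex, so both spellings are normalised. The sample APK and the "certificate" inside it are constructed placeholders (not a real X.509 certificate) so the block runs offline; `build_sample_apk`, `verify_apk_signer` and the other names are this example's own. Caveat: APKs signed only with the v2/v3 scheme carry the certificate in the APK Signing Block rather than in `META-INF`, so for real releases use `apksigner verify --print-certs` as the thread does.

```python
import hashlib
import hmac
import io
import re
import zipfile

# ---- DER helpers (minimal TLV reader/writer) ---------------------------

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, end_offset) for the DER element starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length == 0x80:
        raise ValueError("indefinite length is not DER")
    if length & 0x80:  # long form: next (length & 0x7f) bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


# ---- Certificate extraction from a PKCS#7 SignedData blob ---------------

def extract_certs_from_pkcs7(der: bytes) -> list[bytes]:
    """Return the full DER bytes of each certificate in a PKCS#7 signature."""
    tag, content_info, _ = _read_tlv(der, 0)           # ContentInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("not a PKCS#7 ContentInfo")
    _, _, pos = _read_tlv(content_info, 0)             # contentType OID
    _, explicit0, _ = _read_tlv(content_info, pos)     # [0] EXPLICIT content
    _, signed_data, _ = _read_tlv(explicit0, 0)        # SignedData SEQUENCE
    pos = 0
    for _skip in ("version", "digestAlgorithms", "encapContentInfo"):
        _, _, pos = _read_tlv(signed_data, pos)
    tag, cert_set, _ = _read_tlv(signed_data, pos)     # [0] IMPLICIT certificates
    if tag != 0xA0:
        return []                                      # no certificates present
    certs, p = [], 0
    while p < len(cert_set):
        start = p
        tag, _, p = _read_tlv(cert_set, p)
        if tag == 0x30:                                # Certificate SEQUENCE
            certs.append(cert_set[start:p])            # keep tag+length+value
    return certs


# ---- Fingerprint handling ------------------------------------------------

def normalize_fingerprint(fp: str) -> str:
    """Accept apksigner ('fd2d...') or keytool ('FD:2D:...') spellings."""
    digits = re.sub(r"[^0-9a-fA-F]", "", fp)
    if len(digits) != 64:
        raise ValueError("a SHA-256 fingerprint is 64 hex digits")
    return digits.lower()


def cert_sha256(cert_der: bytes) -> str:
    """The value apksigner reports as 'certificate SHA-256 digest'."""
    return hashlib.sha256(cert_der).hexdigest()


def apk_signer_fingerprints(apk_bytes: bytes) -> list[str]:
    """SHA-256 of every signer certificate found in META-INF/*.RSA|DSA|EC."""
    fps = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name.startswith("META-INF/") and name.upper().endswith((".RSA", ".DSA", ".EC")):
                fps.extend(cert_sha256(c) for c in extract_certs_from_pkcs7(z.read(name)))
    return fps


def verify_apk_signer(apk_bytes: bytes, pinned_fingerprint: str) -> bool:
    """True if any signer certificate in the APK matches the pinned digest."""
    expected = normalize_fingerprint(pinned_fingerprint)
    return any(hmac.compare_digest(fp, expected) for fp in apk_signer_fingerprints(apk_bytes))


# ---- Constructed sample (placeholder, NOT a real certificate or APK) -----

FAKE_CERT_DER = _tlv(0x30, b"CONSTRUCTED PLACEHOLDER - NOT A REAL X.509 CERTIFICATE")
_OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")   # 1.2.840.113549.1.7.2
_OID_DATA = bytes.fromhex("06092a864886f70d010701")          # 1.2.840.113549.1.7.1
_SIGNED_DATA = _tlv(0x30,
    _tlv(0x02, b"\x01")            # version
    + _tlv(0x31, b"")              # digestAlgorithms (empty in this sample)
    + _tlv(0x30, _OID_DATA)        # encapContentInfo
    + _tlv(0xA0, FAKE_CERT_DER)    # [0] IMPLICIT certificates
    + _tlv(0x31, b""))             # signerInfos (empty in this sample)
SAMPLE_CERT_RSA = _tlv(0x30, _OID_SIGNED_DATA + _tlv(0xA0, _SIGNED_DATA))


def build_sample_apk() -> bytes:
    """An in-memory zip with the constructed signature block, standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"placeholder, not real dex")
        z.writestr("META-INF/CERT.RSA", SAMPLE_CERT_RSA)
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()
    print("signer fingerprints:", apk_signer_fingerprints(apk))
    print("matches pinned value:", verify_apk_signer(apk, cert_sha256(FAKE_CERT_DER)))
```

In use, `pinned_fingerprint` would be the value copied from the project's README or website (the thread's `fd2d95cd...` string for CuteCalc), and the APK bytes would come from the untrusted download; a mismatch means the file was not signed by the key the developer published, so it should not be installed.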

NarwhalPrince commented 3 hours ago

Yes and yes!

APK fingerprint matches and posted to your website would be best. You can just link to the page where the hash is placed.


sosauce commented 2 hours ago

Great, will do ASAP!