• jbk
    link
    fedilink
    English
    arrow-up
    2
    ·
    10 months ago

    That’s why Android apps must be signed. Tools can show an app’s certificate hash and if two app versions’ hashes match, they’re equally trustworthy / from the same source. I think APKMirror does this and it’s actually quite trusthworthy.