This is a text automatically translated from Italian. If you appreciate our work and if you like reading it in your language, consider a donation to allow us to continue doing it and improving it.
Content index
We have discovered a very interesting application. It's called AppVerifier e allows you to check very easily whether the applications you have installed on your smartphone are authentic or less.
When you download an application, especially outside traditional stores but not only, there is always the risk that you are installing something inauthentic. You will probably have seen, when you download the APK of an application directly from a website, the phrase "check that the certificate matches this key" or something similar.
AppVerifier, checks if installed applications are authentic
We can see it for example on the Signal APK download page: https://signal.org/android/apk/:
You can verify the signing certificate on the APK matches this SHA256 fingerprint:
29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0
EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
To put it quite briefly, it is a method to understand if the application you are downloading corresponds to the official one released by Signal. We can find the same thing for example on Proton Mail and in general it is a good habit to use it for applications that require a certain level of security.
This is because if the APK has the same signature that you find on the site you can be sure that it is the same application. If instead you find yourself faced with an application called Signal and it looks like Signal in every way but has a different signature uninstall it immediately and download it from the official website.
How is the signature verified?
The peculiarity of AppVerifier lies precisely in the immediacy of the check which would otherwise require a minimum of work. Thanks to AppVerifier, however, you can simply automatically load the list of installed applications and quickly check if they have the correct signature.
In some cases you will already find a green dot because AppVerifier has its own internal database for the most important applications For example Whatsapp, Proton Mail, Telegram, Catima, Signal and many others. However, if the application does not already have the green sticker and you would like to check it, simply go to the relevant site, look for the signature if it has been published and have the application check it.
Let's take an example of an application that is not automatically recognized as FFUpdater. If you want to check that it is the original you can verify that the key that is seen by AppVerifier matches the one inside this file: https://github.com/Tobi823/ffupdater/blob/master/dev/signatures/apk_signature.txt, Therefore: f4e642bb85cbbcfd7302b2cbcbd346993a41067c27d995df492c9d0d38747e62.
Download and try AppVerifier
If you also want to try this useful application, to be used as mentioned mainly for applications with sensitive and important data, you can download it by following the instructions below.
AppVerifier is also available through the new store called Accr which we haven't told you about yet but which could, in the future, become very interesting. However, you can also download it directly via GitHub APK to update via Obtainium.
• •This tag @loyal alternatives is used to automatically send this post to Feddit and allow anyone on the fediverse to comment on it.
Join communities
If you have found errors in the article you can report them by clicking here, Thank you!