Verify Downloads
For Android, you can verify the signing certificate on the APK matches one of the following SHA256 fingerprints:
-
For F-Droid downloads:
9D:B6:67:8E:D7:4C:88:12:4B:82:5E:8F:90:50:2B:76 CD:97:C5:EC:CC:9A:A9:2F:40:33:02:71:02:D9:AA:9D
-
Other APK downloads:
D6:41:54:2B:F7:E7:73:F5:BA:7B:97:79:4D:E0:14:21 2F:49:91:AE:97:15:EE:42:0B:16:F3:04:35:84:17:35
or
35:5B:E2:C3:8E:C6:73:83:C1:02:FB:E0:3E:84:C4:BC 3E:6F:89:06:F8:D3:66:91:4F:84:52:82:08:13:2A:EE
To print the SHA256 fingerprints of the APK signing certificate you can use eg.
keytool -printcert -jarfile <APK-file>