Are the apk signing certificate fingerprints for apps built by F-Droid and published via the official F-Droid repository published somewhere?
Only thing I could find is the fingerprints for the F-Droid apk itself; but not for the apps from the official repo.
https://f-droid.org/repo/index-v2.json
"eu.siacs.conversations": {
...
"versions": {
"1387b6c73cbdcdffacd1dddb16af309549ffbb20c688f6ddf64e1abfafbb4c06": {
"added": 1745607516000,
"file": {
"name": "/eu.siacs.conversations_4214204.apk",
"sha256": "1387b6c73cbdcdffacd1dddb16af309549ffbb20c688f6ddf64e1abfafbb4c06",
"size": 31446038,
"ipfsCIDv1": "bafybeibgf4tnxldrwk6dzle7f4q5rn3xo2qyfxhl2qjubiv6mvdopw2mwm"
},
...
"versionName": "2.18.2+free",
"versionCode": 4214204,
"usesSdk": {
"minSdkVersion": 23,
"targetSdkVersion": 35
},
"signer": {
"sha256": [
"c75abe78593643ae7cac527327cd2193482db067404a88b8c13f7a0701946187"
]
},
...
Thank you.
Is this information posted anywhere else?
I didn’t find a link to this file on any of the relevant documentation pages on f-droid.org.
Since we also have the PGP-Key and signatures for every apk I suppose it doesn’t matter that much, but I’d rather verify the APKs with something like AppVerifier than having to install gpg on my phone.