APK signing certificate fingerprints

lofortubelly · May 21, 2025, 9:43am

Are the apk signing certificate fingerprints for apps built by F-Droid and published via the official F-Droid repository published somewhere?

Only thing I could find is the fingerprints for the F-Droid apk itself; but not for the apps from the official repo.

Licaon_Kter · May 21, 2025, 10:01am

https://f-droid.org/repo/index-v2.json

    "eu.siacs.conversations": {
    ...
      "versions": {
        "1387b6c73cbdcdffacd1dddb16af309549ffbb20c688f6ddf64e1abfafbb4c06": {
          "added": 1745607516000,
          "file": {
            "name": "/eu.siacs.conversations_4214204.apk",
            "sha256": "1387b6c73cbdcdffacd1dddb16af309549ffbb20c688f6ddf64e1abfafbb4c06",
            "size": 31446038,
            "ipfsCIDv1": "bafybeibgf4tnxldrwk6dzle7f4q5rn3xo2qyfxhl2qjubiv6mvdopw2mwm"
          },
...
            "versionName": "2.18.2+free",
            "versionCode": 4214204,
            "usesSdk": {
              "minSdkVersion": 23,
              "targetSdkVersion": 35
            },
            "signer": {
              "sha256": [
                "c75abe78593643ae7cac527327cd2193482db067404a88b8c13f7a0701946187"
              ]
            },
...

lofortubelly · May 21, 2025, 10:24am

Thank you.

Is this information posted anywhere else?
I didn’t find a link to this file on any of the relevant documentation pages on f-droid.org.

Since we also have the PGP-Key and signatures for every apk I suppose it doesn’t matter that much, but I’d rather verify the APKs with something like AppVerifier than having to install gpg on my phone.