There are a couple of layers to this. Generally, you should be able to trust the signature of an APK, and you can validate that on and off the device. If a new APK is pushed with the correct signature, you might have a very difficult time distinguishing that from a legitimate staged rollout of a new version. An APK with a different signature will not install on a non-compromised OS.
For checking whether something is rare, you can check the checksum of an APK installed on a device or off the device.
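As an added example (not part of the post above), the following stdlib-only Python script does the two offline checks the reply mentions on an APK pulled from a device (`adb shell pm path <package>`, then `adb pull` the printed `base.apk`): it computes the whole-file SHA-256 to compare against a known-good checksum, and it reports which signing schemes the file carries (v1 JAR signature files under `META-INF/`, and v2/v3 entries in the APK Signing Block that sits just before the zip central directory). It does not cryptographically verify the signature itself; for that, and for the signing certificate fingerprint, use `apksigner verify --print-certs`. The `build_sample_apk` helper constructs a stand-in APK inline with filler where a real signer block would be, so the script runs without a device; the filler bytes, file names and block layout are assumptions for the demo, except for the v2/v3 block IDs and the block magic, which are the platform's.

```python
"""Offline APK checks: whole-file SHA-256 and which signing schemes are present.
Added example, not the original post's code. Stdlib only; does not verify
signatures (use `apksigner verify --print-certs` for that)."""
import hashlib
import io
import struct
import zipfile

APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
# Block IDs the Android platform uses for the v2 and v3 signature schemes.
SIG_SCHEME_IDS = {0x7109871A: "v2", 0xF05368C0: "v3"}
EOCD_SIG = b"PK\x05\x06"


def sha256_hex(data: bytes) -> str:
    """The checksum you would compare on device vs. a known release build."""
    return hashlib.sha256(data).hexdigest()


def central_directory_offset(data: bytes) -> int:
    """Find the End Of Central Directory record and return the CD offset."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("not a zip: no EOCD record")
    # EOCD layout: sig(4) disk(2) cd_disk(2) n_this(2) n_total(2) cd_size(4) cd_off(4)
    return struct.unpack_from("<I", data, eocd + 16)[0]


def signing_block_ids(data: bytes) -> set:
    """IDs of the id-value pairs in the APK Signing Block (empty set if absent).
    Block layout: size(8) | pairs... | size(8) | magic(16), ending at the CD."""
    cd_off = central_directory_offset(data)
    if cd_off < 24 or data[cd_off - 16:cd_off] != APK_SIG_BLOCK_MAGIC:
        return set()
    size = struct.unpack_from("<Q", data, cd_off - 24)[0]  # excludes leading size field
    block_start = cd_off - 8 - size
    if block_start < 0 or struct.unpack_from("<Q", data, block_start)[0] != size:
        raise ValueError("corrupt APK Signing Block: size fields disagree")
    ids, pos, end = set(), block_start + 8, cd_off - 24
    while pos < end:
        pair_len, pair_id = struct.unpack_from("<QI", data, pos)  # len covers id + value
        ids.add(pair_id)
        pos += 8 + pair_len
    return ids


def v1_signature_files(data: bytes) -> list:
    """META-INF signature block files that indicate a v1 (JAR) signature."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return sorted(n for n in z.namelist()
                      if n.startswith("META-INF/") and n.rsplit(".", 1)[-1] in ("RSA", "DSA", "EC"))


def inspect_apk(data: bytes) -> dict:
    schemes = [SIG_SCHEME_IDS[i] for i in sorted(signing_block_ids(data)) if i in SIG_SCHEME_IDS]
    if v1_signature_files(data):
        schemes.insert(0, "v1")
    return {"sha256": sha256_hex(data), "schemes": schemes}


def build_sample_apk(with_v1: bool, with_v2: bool) -> bytes:
    """Constructed stand-in for an APK (assumption for the demo): a zip with a
    manifest, optionally a v1 signature file and a dummy v2 signing block whose
    value is filler, not a real signature."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00")
        if with_v1:
            z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            z.writestr("META-INF/CERT.SF", "Signature-Version: 1.0\n")
            z.writestr("META-INF/CERT.RSA", b"\x30\x82")  # placeholder, not real PKCS#7
    data = buf.getvalue()
    if not with_v2:
        return data
    value = b"\x00" * 32  # filler where v2 signer data would go
    pair = struct.pack("<QI", 4 + len(value), 0x7109871A) + value
    size = len(pair) + 8 + 16
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC
    cd_off = central_directory_offset(data)
    eocd = data.rfind(EOCD_SIG)
    # Insert the block before the central directory and fix the EOCD's CD offset.
    patched = bytearray(data[:cd_off] + block + data[cd_off:])
    struct.pack_into("<I", patched, eocd + len(block) + 16, cd_off + len(block))
    return bytes(patched)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_apk(True, True)
    print(inspect_apk(blob))
```

Run it as `python apkcheck.py base.apk` on a pulled file and compare the printed SHA-256 with the hash of the build you shipped; a tampered or re-signed APK changes the hash, and an APK with no `v2`/`v3` entry (or only a v1 signature) deserves a closer look. Because a zip's central directory offset must be corrected when the signing block is inserted, the sample builder patches the EOCD the same way real signing tools do, so `zipfile` still reads the result.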