I am testing a way to check apps and make submissions easier. If anyone wants to take a peek and send feedback.
Over the course of a week I have now tripled the amount of app verification apps on my phone
Great work @jonah and @RoundSalmon4
Better use 'em to verify each other lol
Nice. Congrats.
To comply with soupslurpr/AppVerifier’s ISC license, (think) will have attributed them / mention this in the distributed version of the software (the app).
I am a stickler about licensing lol
I even attribute ourselves since the dataset has different contributors ![]()
If an app is not in the database, you’ll have the option to open a pre-filled GitHub submission issue in your browser.
This is a bit off topic, but I’m curious if there’s any privsec difference between opening in the browser vs that in-app browser thing that some apps do. I had to uninstall Ente apps on my GrapheneOS Dumbphone setup because it essentially allowed youtube and other access within the Ente app after clicking on some documentation links in the app, while 99% of other apps fail gracefully saying that they found no app to open a link.
I would think the big difference is that if the app uses webview it would need network permissions.
This looks great so far. Very simple and clean. Can you post the hash here so we have a second verification source aside from the repository?
It seems like this is essentially AppVerifier but linked to a different (larger) database? If so, I don’t really see any drawbacks assuming that PG’s verification process for an app hash is as rigorous as AppVerifier’s was.
Just done my first submission, was very easy. Thanks for doing this Jonah ![]()
AppVerifier allows you to paste in hashes that other people share with you, which this app doesn’t do. This app only checks the internal database.
org.privacyguides.verifiedapps
40:5C:6B:D2:CA:7C:3A:AE:8F:46:3C:6F:8B:55:BC:F0:DD:AC:43:1C:5E:D8:EA:FF:65:D1:06:C9:81:7A:20:7F
Are there plans to get the app into any app stores eventually? Accrescent?
Yeah, fdroid, accressent and play in that order. it’s in the readme.
Looks like one can access your database via AppVerifierBG as well:
The internal database is extended with entries from privacyguides/verified-apps, updated with each build. The database download is verified against GitHub attestations before every build.
But not submit entries to it, I assume.
what happens if an app has different sources (and thus different signatures) ?
Yes, it does also use this data.
To submit entries from that app you’d just have to copy them to the clipboard and then open our issue tracker and paste them manually.
I made this new app:
-
To reduce the number of people you need to trust if you only care about checking our new database. If you use AppVerifierBG you are relying on both Privacy Guides and @RoundSalmon4. Plus, AppVerifierBG might add other data or data sources to their database in addition to ours at some point. Which can be cool, no problem with that, but I want an app that will always exactly mirror ours.
-
To give people a button to open an auto-filled form to submit, yeah.
AppVerifierBG looks like it will be a better option for most people who want a full set of tools, the custom user database feature is neat. Our app is more cut down.
F-Droid info in README now.
We can verify all of them if people submit all of them.
since AppVerifier Source is static , I suggest choosing it once and it gets submitted with the issue instead of having to choose it every time
What do you mean?
Yes I’m going to fix this. When I added the autofill we didn’t have the option in the issue form template yet.
sometimes forks use same package name for the original app , how will you deal with that ?
for example (not fork though) : Gcam Services Provider uses same package name as Google Photos
edit : nevermind you know about it : [New]: Gcam Services Provider (photosonly) · Issue #520 · privacyguides/verified-apps · GitHub
Thanks for the App, I tested it, it works well and adds a lot of value ![]()
PS. I wish it was hosted somewhere else than Github/Microsoft… did you consider Codeberg? ![]()





