Posts Tagged ‘android’

3 Comments

How to check the Signing Certificate on an Android app / apk.

Thursday, January 3rd, 2019

If you own a Android Phone, and you want to use Signal instead of Whatsapp or Telegram for privacy matters, and, for the same privacy matters, you don’t have a Google Account on your phone, or you don’t use Google Play but the free F-Droid, their is a solution. You can download the Signal APK from their website: https://signal.org/android/apk/

They give a warning:

Advanced users with special needs can download the Signal APK directly. Most users should not do this under normal circumstances.

What a normal circumstances these days? You can’t trust Facebook anymore, maybe you can trust Google, but you don’t wanna trust Google, because trusting Google is telling Google where you are, what you do, what you say, what and who you see and who your friends are.

It’s not a matter of trust, it’s a matter of privacy and decency that you don’t do that.

So downloading the Signal APK is probably what you should do these days. But how to be sure you download the real one?

The websites tells you to verify the signing certificate on the APK matches this SHA256 fingerprint. Unfortunately they don’t tell you how to do that.

Verify the signing certificate on the Signal APK.

This one-liner will show you the SHA256 Fingerprint that has to be checked:

unzip -p Signal-website-release-4.31.6.apk META-INF/SIGNAL_S.RSA > /tmp/tmp.cert ; keytool -printcert -file /tmp/tmp.cert

You get this output:

Owner: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Issuer: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Serial number: 4bfbebba
Valid from: Tue May 25 17:24:42 CEST 2010 until: Tue May 16 17:24:42 CEST 2045
Certificate fingerprints:
SHA1: 45:98:9D:C9:AD:87:28:C2:AA:9A:82:FA:55:50:3E:34:A8:87:93:74
SHA256: 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: RSA (1024)
Version: 3

As you can see the SHA256 is the same fingerprint as on the Signal download page.

It’s verified. The Signal apk is safe to use now.

1 Comment

Install Android browsers without Google Play

Monday, March 13th, 2017

Android is the most used operating system for phones. Unfortunately software updates for android phones are not always available nowadays, so the only way to keep your phone secure and up-to-date, is to use a community driven version of Android.

Well, Android is open source, so you can always build something like LineageOS to get a recent version of Android for your device.

I certainly can recommend that. Even older phones are running quite nice, especially when all the proprietary (Samsung/Google) stuff is not installed. Don’t flash GAPPS and your phone feels like new.

Of course that means you don’t have something like Google Maps, but safety has a price, and to be honest, OsmAnd Maps is an excellent replacement.

Software for Android phones outside Google Play store

So now you have a recent LineageOS Android version on your phone, now you need software. You can use the F-Droid repository full of FOSS (Free and Open Source Software).

F-Droid

Opera Browser for Android outside the Google Play Store

You can find the Opera Browser, both the Mini, Mobile and the Opera Android version here:

https://www.opera.com/mobile/download/versions/

Firefox Browser for Android outside the Google Play Store

Firefox for Android is the only mobile browsers that has support for extensions. I can really recommend it.

You can find the Firefox browser, the apk package  here:

https://www.mozilla.org/en-US/firefox/android/all/

If you want to try out a beta version of Firefox for Android, you can find it here:

https://www.mozilla.org/en-US/firefox/android/beta/all/

And Firefox Aurora, the nightly builds:

https://www.mozilla.org/en-US/firefox/android/aurora/all/

When you use Android AOSP, you can have a hard time finding the right browser for your device. Don’t ask me why, but all those links are more or less unfindable, because they are hidden from search-engines.

<meta name="robots" content="noindex">

Hope we can help.

Android AOSP is a great operating system for phones, and more or less the only way to use an Android Phone safe and secure for more then two years.