diff --git a/wiki/Switch-between-releases_Verify-APK-is-genuine.md b/wiki/Switch-between-releases_Verify-APK-is-genuine.md new file mode 100644 index 00000000..9a39fc85 --- /dev/null +++ b/wiki/Switch-between-releases_Verify-APK-is-genuine.md @@ -0,0 +1,29 @@ +Syncthing-Fork "Wrapper for Syncthing" has three release channels: + +1. [GitHub](https://github.com/Catfriend1/syncthing-android/releases/latest) release page, e. g. com.github.catfriend1.syncthingandroid_1.0.0.1_7d59e75.apk + +2. F-Droid client or [website](https://f-droid.org/packages/com.github.catfriend1.syncthingandroid/), e. g. com.github.catfriend1.syncthingandroid_fdroid_1.0.0.1_7d59e75.apk + +3. [Google Play Store](https://play.google.com/store/apps/details?id=com.github.catfriend1.syncthingandroid), e. g. com.github.catfriend1.syncthingandroid_gplay_1.0.0.1_7d59e75.apk + +The signing on these release channels differ, so if you wish to change to a different channel: + +* Run existing app installation + * Open the drawer on the left side > Import & Export > Export configuration +* Uninstall app +* Install app from your preferred release channel +* Run app + * Complete the welcome wizard + * Open the drawer on the left side > Import & Export > Import configuration + +To verify your downloaded APK, compare the certificate hash of the APK to the one's listed below. It has to match one of them to indicate you have a genuine version of the app. + +1. GitHub APK: 2ScaPj41giu4vFh+Y7Q0GJTqwbA= + +2. F-Droid APK: nyupq9aU0x6yK8RHaPra5GbTqQY= + +3. Google Play APK: dQAnHXvlh80yJgrQUCo6LAg4294= + +Here is a quick way of getting the certificate hash out of an APK file on Linux: + +* keytool -list -printcert -jarfile "/path/to/release.apk" | grep "SHA1: " | cut -d " " -f 3 | xxd -r -p | openssl base64