from a discussion on github:
For a security oriented application I would like to use AppVerifier to confirm the hash on the APK from Obtainium. The hash next to the release, v.2.35.0 right now, causes a “Failure” with AppVerifier.
I found the correct page on the website: Verify Downloads - Delta Chat
after asking for more details:
AppVerifier is installed via Accrescent and Accrescent is installed by default with GrapheneOS, the private and secure mobile OS based on the Android Open Source Project (AOSP).
When installing an application from, say, GitHub via Obtainium the install process redirects you to AppVerifier so you can check the APKs hash against that published by the developer. Now you know what you are about to install matches the published hash.
In this case AppVerifier showed me a hash but the hash on the GitHub release page didn’t match. However, when I found the hash on the DeltaChat website (see above) I could do the verification.
so it seems, things are somehow fine. please comment if things can be made easier - AppVerifier also seem to have an internal database, that might be interesting as well.
in general, however, then the question arises how trustworthy the source where AppVerifier came from is …
for Accrescent there is another feature proposal at Publish to accrescent?