Isn't this is what the APK signature is for? To make sure the apk package hasn't been tampered with after publishing?
Login to reply
Replies (2)
Sure, but how do you know the APK is the repository's source code? I can sign a malicious APK, and the signature will still be valid.
I simply do not know