Signature & Certificate Verification
Verify file hashes and developer certificates to catch tampered files and fake versions of popular apps.
Repackaged apps are a classic trick: attackers take a real APK, inject spyware, re-sign it and distribute it on forums and 'mod' sites. We extract the signing certificate and compare it with the genuine developer's, and publish the SHA-256 so you can verify the exact file.
What this layer checks
- Signing certificate extraction with issuer, validity and fingerprint details.
- Mismatch alerts when a well-known app is signed by an unknown certificate.
- SHA-256 / SHA-1 / MD5 hashes for every uploaded file.
- Version comparison against the official Play Store release where available.
Why it matters
Malware authors count on users never looking inside a file. This layer makes the inside visible — automatically, in seconds, and explained in plain English instead of analyst jargon. Combined with the other six layers, it feeds the single verdict you see at the top of every report: SAFE, WARNING, or MALWARE.
Test it on a real file.
Scanning any file is free, takes under a minute and requires no sign-up.