Skip to content

AppVerifier BG

F-Droid

Open source

Verify installed apps against shared signature hashes and databases.

Version
0.6.2
Size
2.8 MB
Updated
Jul 16, 2026
Get from Download APK (v0.6.2)
Signing certificate on record

About this app

AppVerifier BG verifies that installed Android apps match their expected signing certificate fingerprints. Compare an app's signing hash against shared text, an internal database synced from Privacy Guides, or your own user database. Hashes are checked for valid SHA-256 format — when verification fails, they're labeled "Expected" vs "Found" so you can tell which is which. Apps signed with debug certificates are flagged as insecure. ZIP files containing a base APK are also accepted.

App List

Every installed user app shows status icons for internal database matches, user database entries, clipboard verification, and shared text matches at a glance. Sort by name, database status, debug builds, clipboard verified, or shared text — pick whichever you need from the dropdown, and it only shows modes with matching data. A filter chip hides everything except mismatches. The default sort order can be set in settings. Search by name or package name. Long-press an app with a user database entry or clipboard checkmark to remove it individually.

Internal Database

Built-in database of verified app hashes synced from privacyguides/verified-apps, updated with each build. The database download is verified against GitHub attestations before every build.

Combined Database Status

See internal and user database results side by side on the app list and verification screen. A setting lets you choose between both, internal only, or user database only.

User Database

Save verification info for later. Add entries individually from the verification screen or bulk-add from shared text. Supports import and export in JSON, text, and YAML formats (auto-detected on import, choose on export). Import lets you combine with existing entries or replace them, and shows a summary of what changed. Entries can be removed individually by long-pressing the app in the list, or removed in batch from selection mode.

Shared Text

Share verification info for several apps at once. Multiple entries separated by blank lines are accepted on receive. Shared text with multiple entries filters the app list to show matching apps only, with icons indicating hash match status. Bulk-add all verified matches to your database from the filtered list. AppVerifier also handles ACTION_SEND and ACTION_VIEW intents so you can share text or APK files directly from other apps.

Clipboard Verification

Verify from clipboard with a single button on the startup screen. Successful clipboard verifications add a blue checkmark in the app list. The checkmark can be toggled on or off in settings and cleared separately. Individual checkmarks can be removed by long-pressing the app in the list.

Share All Apps

Share every installed app's verification info as text from the settings screen.

Reproducible Builds

Release builds use SOURCE_DATE_EPOCH and deterministic R8 so the same tag always produces the same APK.

This is a fork of soupslurpr/AppVerifier with additional features.

Licensed under ISC, by RoundSalmon4.

OfficialSignature VerifiedOpen Source

What's New in v0.6.2

Imported from the F-Droid repository index.

Version history

v0.6.2Latest
Signature continuous

Jul 16, 2026 · 2.8 MB · Android API 2836 · code 26

Imported from the F-Droid repository index.

QUERY_ALL_PACKAGEScom.roundsalmon4.appverifier.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

SHA-256 4e522e2db84e8311e86fc8d86058606894427df90772925c008492c81222275b

v0.6.1
Signature continuous

Jul 1, 2026 · 2.9 MB · Android API 2836 · code 25

Imported from the F-Droid repository index.

QUERY_ALL_PACKAGEScom.roundsalmon4.appverifier.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

SHA-256 93a2a802821899522cfe680385446c00dec8a7d26a6a6a4d24e7450364049284

v0.6.0
Signature continuous

Jun 27, 2026 · 2.9 MB · Android API 2836 · code 24

Imported from the F-Droid repository index.

QUERY_ALL_PACKAGEScom.roundsalmon4.appverifier.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

SHA-256 4ffa58f3d14a319db987f56dfa0cfa67bd658f0dd6eeed4df7b023865bf1cbbe

Will it run on your device?

CompatibilityLikely to run

74%

  • Targets newer Android builds, so legacy devices may be excluded.
  • Multiple CPU architectures are covered.
  • Aligned with the latest Android target SDK expectations.
What changed in this release
Size delta
-0.1 MB
Added permissions
None
Removed permissions
None

Installation Guide

1

Open Settings on your Android device

2

Go to Security → Unknown sources (or Install unknown apps)

3

Enable "Allow from this source" for your browser or file manager

4

Open the downloaded APK file from your Downloads folder

5

Tap "Install" and wait for installation to complete

6

Launch the app from your home screen

Make sure to re-enable Unknown Sources restrictions after installation for security.

How to install this safely

How to verify the file you downloaded

Before you install anything, confirm the file is the one described here. On a computer, run shasum -a 256 your-download.apk (macOS or Linux) or certutil -hashfile your-download.apk SHA256 (Windows), then compare the output character-for-character with the SHA-256 on this page. If a single character differs, the file is not the build we recorded — delete it.

What the signing certificate proves

Every Android app is signed with a private key that only its developer holds. The fingerprint on this page is a hash of the matching public certificate, and it proves continuity rather than identity: it tells you a build came from whoever signed the earlier ones. Android enforces this at install time — if a package claiming to be com.roundsalmon4.appverifier is signed with a different key, the system will refuse to install it over your existing copy. A fingerprint that changes between releases is worth pausing on, because a repackaged app that has been modified by someone else cannot keep the original signature.

How to roll back to an earlier version

If the current release misbehaves, 0.6.1 is the last build before it. Android will not install an older version code over a newer one, so you must uninstall AppVerifier BG first — which clears its local data unless you have a backup. Reinstall the older APK only if its signing fingerprint matches the build you already trust, and check the API range: an older release may target an Android version your device has moved past.

Why we list sources instead of hosting everything

The official store channel is almost always the right choice: it updates automatically and carries the publisher's own distribution guarantees. A direct APK is useful when a device has no store access, when a rollout has not reached your region, or when you need a specific version — and only when the publisher has authorized that copy. APKBrowse does not list pirated, cracked, or unauthorized rebuilds of AppVerifier BG, and a listing is removed when the evidence for it stops holding up.

Get AppVerifier BG

Every source we list for com.roundsalmon4.appverifier is legality-reviewed. Pirated or cracked builds are never offered.

Other sources

F-Droid listing

official

F-Droid builds this app from source and signs it. This is its official listing, with older builds and full release notes.

Source code

verified publisher

The upstream repository this build is compiled from.

We check legality and signature continuity, but device behaviour still varies. Install at your own discretion.

App Information

Developer
F-Droid
Category
Security Privacy
Android
9.0+
Architectures
arm64-v8a, armeabi-v7a, x86, x86_64
Version
0.6.2 (code 26)
Size
2.8 MB
Updated
Jul 16, 2026
Package name
com.roundsalmon4.appverifier

Security Verification

File integrity
SHA-256 recorded
Signing certificate
Fingerprint on record
Official source
Download APK (v0.6.2)

We record provenance; we do not run malware scans. Verify the hash yourself before installing.

SHA-256 Hash

4e522e2db84e8311e86fc8d86058606894427df90772925c008492c81222275b

Signing certificate

1e76f1a15cbe201f0fe26af27a12d91d0d3481fe7dcc7d89e9d2056930f6d5a9

Permissions Required

QUERY_ALL_PACKAGES
com.roundsalmon4.appverifier.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Previous Versions

Signature verified

The signing certificate fingerprint for this release is on record, so a build that does not match it did not come from this publisher.

Report a problem with this listing

A listing is only as good as its corrections. If a source is broken, a signature looks wrong, or this app should not be here, tell the moderation team.

Report a problem