Skip to content

Auth Token

F-Droid

Open source

OATH software tokens

Version
3.0
Size
3 MB
Updated
May 15, 2017
Get from Download APK (v3.0)
Signing certificate on record

About this app

Turning a mobile phone into a One Time Password (OTP) generation device which can be used in the place of hardware tokens.

Support for provisioning tokens using the KeyUriFormat and QR codes as well as manual creation.

Can optionally be protected with a PIN to stop unauthorised access to the software tokens.

Supports both HOTP (Event Tokens) and TOTP (Time Tokens) specifications.

Licensed under GPL-3.0-only, by Mark McAvoy.

OfficialSignature VerifiedOpen Source

What's New in v3.0

Imported from the F-Droid repository index.

Version history

v3.0Latest
Signature continuous

May 15, 2017 · 3 MB · Android API 2130 · code 6

Imported from the F-Droid repository index.

USE_BIOMETRICWRITE_EXTERNAL_STORAGEUSE_FINGERPRINTREAD_EXTERNAL_STORAGE

SHA-256 e6944295ef12926a1f683a974cd2d7ef95c3d5e4ef7af86dd2a4eee9029c4fe1

v2.10
Signature continuous

Oct 13, 2015 · 0.1 MB · Android API 716 · code 5

Imported from the F-Droid repository index.

SHA-256 22d3ed3b41af63e11bb0ebcf6dfeacb87c7d8b88b9844980211bf4923907e07e

v2.02
Signature continuous

Oct 21, 2013 · 0.1 MB · Android API 716 · code 4

Imported from the F-Droid repository index.

SHA-256 270c82086b4aaba58d2a918b1618410a69849f5cadd0f5b8860ea6337a31039b

Will it run on your device?

CompatibilityLikely to run

73%

  • Runs on a broad range of modern Android versions.
  • ABI coverage is focused on newer 64-bit devices.
What changed in this release
Size delta
+2.9 MB
Added permissions
USE_BIOMETRIC, WRITE_EXTERNAL_STORAGE, USE_FINGERPRINT, READ_EXTERNAL_STORAGE
Removed permissions
None

Installation Guide

1

Open Settings on your Android device

2

Go to Security → Unknown sources (or Install unknown apps)

3

Enable "Allow from this source" for your browser or file manager

4

Open the downloaded APK file from your Downloads folder

5

Tap "Install" and wait for installation to complete

6

Launch the app from your home screen

Make sure to re-enable Unknown Sources restrictions after installation for security.

How to install this safely

How to verify the file you downloaded

Before you install anything, confirm the file is the one described here. On a computer, run shasum -a 256 your-download.apk (macOS or Linux) or certutil -hashfile your-download.apk SHA256 (Windows), then compare the output character-for-character with the SHA-256 on this page. If a single character differs, the file is not the build we recorded — delete it.

What the signing certificate proves

Every Android app is signed with a private key that only its developer holds. The fingerprint on this page is a hash of the matching public certificate, and it proves continuity rather than identity: it tells you a build came from whoever signed the earlier ones. Android enforces this at install time — if a package claiming to be uk.co.bitethebullet.android.token is signed with a different key, the system will refuse to install it over your existing copy. A fingerprint that changes between releases is worth pausing on, because a repackaged app that has been modified by someone else cannot keep the original signature.

How to roll back to an earlier version

If the current release misbehaves, 2.10 is the last build before it. Android will not install an older version code over a newer one, so you must uninstall Auth Token first — which clears its local data unless you have a backup. Reinstall the older APK only if its signing fingerprint matches the build you already trust, and check the API range: an older release may target an Android version your device has moved past.

Why we list sources instead of hosting everything

The official store channel is almost always the right choice: it updates automatically and carries the publisher's own distribution guarantees. A direct APK is useful when a device has no store access, when a rollout has not reached your region, or when you need a specific version — and only when the publisher has authorized that copy. APKBrowse does not list pirated, cracked, or unauthorized rebuilds of Auth Token, and a listing is removed when the evidence for it stops holding up.

Get Auth Token

Every source we list for uk.co.bitethebullet.android.token is legality-reviewed. Pirated or cracked builds are never offered.

Other sources

F-Droid listing

official

F-Droid builds this app from source and signs it. This is its official listing, with older builds and full release notes.

Source code

verified publisher

The upstream repository this build is compiled from.

We check legality and signature continuity, but device behaviour still varies. Install at your own discretion.

App Information

Developer
F-Droid
Category
Security Privacy
Android
5.0+
Architectures
Version
3.0 (code 6)
Size
3 MB
Updated
May 15, 2017
Package name
uk.co.bitethebullet.android.token

Security Verification

File integrity
SHA-256 recorded
Signing certificate
Fingerprint on record
Official source
Download APK (v3.0)

We record provenance; we do not run malware scans. Verify the hash yourself before installing.

SHA-256 Hash

e6944295ef12926a1f683a974cd2d7ef95c3d5e4ef7af86dd2a4eee9029c4fe1

Signing certificate

770eaad0fd2741382d10107d7ff07f1abb553ae590bc266faef41449c5c74f02

Permissions Required

USE_BIOMETRIC
WRITE_EXTERNAL_STORAGE
USE_FINGERPRINT
READ_EXTERNAL_STORAGE

Previous Versions

Signature verified

The signing certificate fingerprint for this release is on record, so a build that does not match it did not come from this publisher.

Report a problem with this listing

A listing is only as good as its corrections. If a source is broken, a signature looks wrong, or this app should not be here, tell the moderation team.

Report a problem