Collections
8 publishers · 17 apps
The most useful way to group this catalogue is not by theme, it is by who signed the apps. Every app from a publisher is signed with the same key, so once you know what a publisher's certificate fingerprint looks like, you can check any of their releases against it — including one you found somewhere else entirely.
Verified below means we have a statement from the publisher claiming the apps we list under their name, which is a claim about identity rather than a judgement about quality. An unverified publisher is not a warning; it usually means nobody has got round to it yet. Either way the per-build evidence on each listing is the thing to read.
Everything below has been traced to a publisher we can name. Where the app is on an official storefront, that link sits at the top of the listing and we do not try to outrank it — the store copy has the shortest chain of custody available. Where we host or mirror a build instead, the listing carries its SHA-256 hash, the signing certificate fingerprint, the version code, and the full permission list, so the file can be checked before it is installed rather than trusted after.
Before you install anything from this page
Why is this grouped by publisher rather than by theme?
Because a theme is a matter of opinion and a signing key is a matter of fact. Grouping by publisher gives you something you can act on: every app under a name below is signed with the same key, so the fingerprint you learn from one listing is the fingerprint you can check the next release against. A list called Best Photo Editors tells you what somebody thought; a publisher tells you who compiled the file.
What does the verified badge actually mean?
That the publisher has made a statement claiming the apps listed under their name, and we have recorded it. It says nothing about the quality of the apps, how they treat your data, or whether we recommend them. An unverified publisher has usually just not been through that step yet — it is not a warning, and the certificate fingerprint on each build is the evidence that matters either way.
How do I check an APK is genuine before I install it?
Two checks, both on the listing page. Hash the file you downloaded with SHA-256 and compare it to the hash we published — if one byte differs, the whole hash differs. Then compare the signing certificate fingerprint to the publisher's earlier releases. Android enforces that match itself: it will refuse an update signed with a different key than the version already installed, which is why a matching fingerprint is meaningful evidence and a matching version number is not.