Skip to content

Publisher

F-Droid

Verified publisher

F-Droid is a catalogue of free and open-source Android software. It builds apps from their published source and signs the results itself, then publishes the signing certificate and a SHA-256 for every build — which is why we can import from it without weakening what a listing here is supposed to mean. Apps imported from F-Droid are grouped under this profile for provenance; each one credits its own author, who wrote it.

3217

apps listed

Apps from F-Droid

Each listing below carries the hash and certificate fingerprint for its current build. Because these apps share a publisher, they also share a signing key — which means a build that claims to come from F-Droid but presents a different fingerprint is telling you something useful.

Clauncher

MLM Games

vv5.2.111.7 MBAndroid 7.0+

Clay Tablet

F-Droid

v1.05.2 MBAndroid 8.1+

ClayModeller

mretallack

v1.0.05.6 MBAndroid 8.0+

Clean Timer

Matt Zhang

v1.11.6 MBAndroid API 15+

CleanShare

hxreborn

v3.1.32.4 MBAndroid 11+

ClearClipboard

amnesica

v1.0.45.7 MBAndroid 9.0+

Clementine Remote

F-Droid

vv123.3 MBAndroid API 15+

Clench Wallet

Clench Wallet

v0.3.2134.6 MBAndroid 8.0+

CleverKeys

tribixbite

v1.4.058.6 MBAndroid 5.0+

Click Switch

F-Droid

v8.7.64.6 MBAndroid 7.0+

Clipboard Cleaner

F-Droid

v1.8.11 MBAndroid API 16+

Clipeus

lucky

v1.1.12.7 MBAndroid 6.0+
💬

Cloak

Andy Wang

v2.12.014.1 MBAndroid 5.0+

Clock

Vayun Mathur

vv2.5.612.4 MBAndroid 12+

Clock

F-Droid

v2.316.6 MBAndroid 6.0+

Clock You

You Apps

v11.03.1 MBAndroid 6.0+

Closet-Archive

Bahaa Tuffaha

v1.1.0101.4 MBAndroid 7.0+

Code Rain Wallpaper

Zagura

vy24-v21.2 MBAndroid 5.0+

Code Word

Jake Rosin

v1.4.48.8 MBAndroid 5.0+

CodeCatcher

F-Droid

v1.0.1312.4 MBAndroid 7.0+

Coffee

F-Droid

v2.262.7 MBAndroid 6.0+

Page 22 of 135

Definition

What “verified publisher” means here

It is a claim about identity, not about quality. A verified publisher on APKBrowse has demonstrated two things: that they control the domain their software ships from, and that they control the signing key their builds are signed with. We check the second against the first — a build arriving from the publisher's own release channel, signed with the key we already have on file for them, is one we can attribute with confidence.

That attribution is the whole point. Once a certificate fingerprint is recorded against a publisher, every later release can be checked against it, and anything signed with a different key stops looking like an update and starts looking like a different app wearing the same name. Android enforces this rule at install time regardless of what we say — it will refuse an update signed with a key that does not match the version already on the device. We are simply making the fingerprint visible before you get that far.

What the badge does not mean: that we have audited the code, that we endorse the app, or that the privacy policy is any good. Those are separate questions, and a verified publisher can still ship something you would rather not install. Verification tells you who wrote it. Deciding whether to trust them is still yours.