Skip to content

Publisher

Halcyon Works

Listed

Halcyon Works is a four-person cooperative that builds small consumer apps under a source-available licence and publishes each release artifact openly instead of only through storefronts. Its APKBrowse publisher verification is still in progress, so these listings are maintained from the cooperative's public release feed and cross-checked against the checksums it publishes, rather than from an attestation given directly to us. Halcyon has publicly authorized open redistribution of its Grainline Darkroom builds and has made no statement either way about mirrors of its other two apps.

3

apps listed

3

with a certificate on file

3

categories

Apps from Halcyon Works

Each listing below carries the hash and certificate fingerprint for its current build. Because these apps share a publisher, they also share a signing key — which means a build that claims to come from Halcyon Works but presents a different fingerprint is telling you something useful.

Definition

What “verified publisher” means here

It is a claim about identity, not about quality. A verified publisher on APKBrowse has demonstrated two things: that they control the domain their software ships from, and that they control the signing key their builds are signed with. We check the second against the first — a build arriving from the publisher's own release channel, signed with the key we already have on file for them, is one we can attribute with confidence.

That attribution is the whole point. Once a certificate fingerprint is recorded against a publisher, every later release can be checked against it, and anything signed with a different key stops looking like an update and starts looking like a different app wearing the same name. Android enforces this rule at install time regardless of what we say — it will refuse an update signed with a key that does not match the version already on the device. We are simply making the fingerprint visible before you get that far.

What the badge does not mean: that we have audited the code, that we endorse the app, or that the privacy policy is any good. Those are separate questions, and a verified publisher can still ship something you would rather not install. Verification tells you who wrote it. Deciding whether to trust them is still yours.