• Jajcus@kbin.social
    link
    fedilink
    arrow-up
    9
    arrow-down
    4
    ·
    1 year ago

    Probably most other apps are correctly signed with the same certificate on both sites.

    • leinardi@lemmy.world
      link
      fedilink
      English
      arrow-up
      24
      ·
      1 year ago

      No they are not: F-Droid builds a signs the apps independently. Source: I have apps on both stores.

      • JoeyJoeJoeJr
        link
        fedilink
        English
        arrow-up
        11
        ·
        1 year ago

        You can actually sign the F-Droid app yourself, if you use reproducible builds.

        There’s reasonable odds the signatures still won’t match though, because Google requires App Bundles now, and then they build and sign the APK, rather than allowing the developer to build and sign their own APK.

        Technically you can use the same key (see “Best Practices” of this page), but it’s kind of shady, and requires giving your private key to Google.