aixan/lawnchair
1
0
Fork 0
mirror of https://github.com/LawnchairLauncher/lawnchair.git synced 2026-02-20 03:08:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
79c79f8507d9a86fb0096a464dc2bb886bbf4c8a
lawnchair/VERIFICATION.md
Pun Butrach dd4a08be61 Merge tag 'android-16.0.0_r3' into 16-dev 
Android 16.0.0 Release 3 (BP3A.250905.014)

Signed-off-by: Pun Butrach <pun.butrach@gmail.com>
2026-01-10 20:46:04 +07:00

1.3 KiB
Raw Blame History

Lawnchair verification

Lawnchair apk are cryptographically signed and can be verified using two verifications system.

  1. GitHub or SLSA attestations
  2. SHA256 of android app certificate

SLSA Attestation

Lawnchair repository is SLSA-Level 2 compliance and can be verified using a provenance.

Note

It is possible to verify without GitHub CLI by cross-referencing check from GitHub Attestation with Sigstore Rekor

  1. Install GitHub CLI
  2. Download the APK and attestation from GitHub Attestation
  3. Run gh attestation verify APK -R LawnchairLauncher/lawnchair, replace {APK} with the actual APK file
  4. Done

Android App Certificate

Lawnchair have two app certificates:

  • Google Play: 47:AC:92:63:1C:60:35:13:CC:8D:26:DD:9C:FF:E0:71:9A:8B:36:55:44:DC:CE:C2:09:58:24:EC:25:61:20:A7
  • Elsewhere:
    74:7C:36:45:B3:57:25:8B:2E:23:E8:51:E5:3C:96:74:7F:E0:AD:D0:07:E5:BA:2C:D9:7E:8C:85:57:2E:4D:C5

On Android, using a verification app like AppVerifier can ease up the verifying process.

Reference in New Issue View Git Blame Copy Permalink