  • Dec 24, 2025, 10:52 PM

    Big news for SimpleX Chat app security:

    Android APKs released on GitHub and F-Droid are now 100% reproducible!

    It means that you can verify that the app is secure, even if the download site was hacked.

    From v6.5 our release process is:

    1) build Android apps on two independent systems and confirm they are 100% identical;
    2) cryptographically "sign" them;
    3) add signature files to the release page.

    v6.5 beta.3 release: github.com/simplex-chat/simple

    💬 2🔄 20⭐ 43

Replies

  • Dec 24, 2025, 10:53 PM

    Server and Linux desktop builds were already reproducible, and Android APKs are now as secure.

    Anyone can check it themselves - no coding needed, just follow our simple guide to verify the app is genuine or run the build yourself: simplex.chat/reproduce/

    💬 1🔄 6⭐ 21
  • sugargrit
    Dec 25, 2025, 3:40 AM

    @simplex But F-Droid says "No Compatible Signer". Does that mean the Play Store APK is signed by a different key?

    💬 0🔄 0⭐ 0
  • Dec 25, 2025, 6:10 PM

    @sugargrit Play Store APK is signed by Google, and it's not going to be the same as the one on GitHub, as Play Store accepts a bundle and does its own compression.

    F-Droid is signed by F-Droid. From v6.5 it will be identical to the one on GitHub (except the signature). We won't be changing the key though, as it would be disruptive to the users.

    💬 1🔄 0⭐ 1
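
The "identical except the signature" property described in the reply above can be checked by comparing every non-signature entry of two APKs. This is an added example, not part of the thread and not SimpleX's own verification procedure (their guide is at simplex.chat/reproduce/); the helper names and the sample archives are constructed, and it compares uncompressed entry contents rather than raw file bytes.

```python
import hashlib
import io
import re
import zipfile

# v1 (JAR) signing puts the signer's files at the top level of META-INF.
# v2+ signatures sit in the APK Signing Block, outside the ZIP entries,
# so comparing entries skips them as well.
SIGNATURE_ENTRY = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$")

def entry_digests(apk):
    """Map each non-signature entry name to the SHA-256 of its contents."""
    digests = {}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if not SIGNATURE_ENTRY.match(info.filename):
                digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def compare_apks(a, b):
    """Return sorted entry names that differ or exist on one side only."""
    da, db = entry_digests(a), entry_digests(b)
    return sorted(n for n in da.keys() | db.keys() if da.get(n) != db.get(n))

def make_apk(files):
    """Build a constructed, APK-like ZIP in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf

# Constructed sample data: same app payload, two different signers.
APP = {
    "AndroidManifest.xml": b"<manifest package='example.app'/>",
    "classes.dex": b"dex\n035\x00 constructed bytecode",
    "META-INF/services/example.Provider": b"example.Impl",  # not a signature file
}
GITHUB_SIG = {"META-INF/MANIFEST.MF": b"g", "META-INF/CERT.SF": b"g", "META-INF/CERT.RSA": b"g"}
FDROID_SIG = {"META-INF/MANIFEST.MF": b"f", "META-INF/FDROID.SF": b"f", "META-INF/FDROID.RSA": b"f"}

if __name__ == "__main__":
    github = make_apk({**APP, **GITHUB_SIG})
    fdroid = make_apk({**APP, **FDROID_SIG})
    tampered = make_apk({**APP, **FDROID_SIG, "classes.dex": b"dex\n035\x00 modified"})
    print("github vs fdroid:", compare_apks(github, fdroid))      # no differences
    print("github vs tampered:", compare_apks(github, tampered))  # classes.dex
```

`entry_digests` and `compare_apks` also accept file paths, so two downloaded APKs can be passed directly.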
  • sugargrit
    Dec 26, 2025, 1:47 AM

    @simplex Got it. Thank you.

    💬 0🔄 0⭐ 1