Binary Transparency Logs

Whenever a new index is published, our log of the signed app index metadata is appended to. This is stored in a git repository, which serves as an imperfect append-only storage mechanism – a step happening automatically whenever a new index is being deployed.

Those logs allow you e.g. to verify that the APK you got from this repo wasn't specifically tailored for you (aka „Bundestrojaner“ or „targeted backdoors“) but indeed was regularly published, as the index contains the checksums of all the APK files present at the time of the corresponding commit.

Similar Binary Transparency Logs are provided e.g. by

• F-Droid
• the Guardian Project
• Debian
• Mozilla

For a detailed description, see e.g. the article Transparent Logs for Skeptical Clients.