Note: We’ll decline all APKs with ‘debug’ certificate, which are not safe.
Why using SHA1 to check the identification of certificate is safe?
That’s a cryptography problem. Please refer to the following authoritative information to check the reason.
How do we make sure the updated Apps are real and created by the respective developers?
1. All ApkPC.com apps are verified prior to publishing.
2. We make sure that the cryptographic signatures for new versions of all previously published apps match the original ones, which means we know if the new version APKs were signed by the real devs or someone pretending to be them.
3. For new apps that have never been published on ApkPC.com, we try to match the signatures to other existing apps by the same developer. If there’s a match, it means that the same key was used to sign a previously known legitimate app, therefore validating the new upload. If we’re unable to verify the legitimacy of a new APK, we will simply not publish it on ApkPC.com.