If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: izzyondroid.org/about/security/SigningKeys - Signing Keys - IzzyOnDroid.

site address: izzyondroid.org/about/security/SigningKeys/ redirected to: izzyondroid.org/about/security/SigningKeys

site title: Signing Keys - IzzyOnDroid

Our opinion (on Wednesday 15 July 2026 18:43:13 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:



Meta tags:
description=What is Android app signing, and how does IzzyOnDroid check signing keys?;

Headings (most frequently used words):

signing, keys,

Text of the page (most frequently used words):
the (26), for (14), app (14), and (13), with (11), your (9), signed (8), this (8), certificates (7), certificate (6), are (6), not (5), #signing (5), keys (5), izzyondroid (5), update (4), check (4), apks (4), developer (4), android (4), apk (3), key (3), details (3), that (3), updates (3), could (3), our (3), repository (3), such (3), while (3), those (3), against (3), install (3), first (3), considered (3), control (3), keystore (3), developers (3), they (3), you (3), trust (3), device (3), contact (3), reproducible (3), builds (3), documentation (3), contributing (3), faq (3), get (3), started (3), about (3), should (2), take (2), measures (2), see (2), rejected (2), future (2), accepted (2), its (2), metadata (2), some (2), would (2), compromised (2), who (2), access (2), having (2), already (2), installed (2), tofu (2), time (2), inclusion (2), prevent (2), from (2), characters (2), when (2), without (2), credentials (2), public (2), accept (2), etc (2), debug (2), them (2), built (2), their (2), need (2), establish (2), which (2), one (2), more (2), verification (2), hints (2), builders (2), best (2), practices (2), general (2), resources (2), security (2), home (2), made, material, mkdocs, back, top, different, arrive, here, proper, ensure, justified, possible, stays, disabled, until, situation, solved, even, removed, how, keep, safe, what, event, loss, initial, into, pin, recording, hash, keyword, reason, change, repo, right, away, have, been, malicious, actor, gained, protected, above, protect, wanting, allowedapksigningkeys, contained, within, subject, issuer, might, getting, published, bad, practice, introduced, mistake, creating, entering, happening, carefully, enter, copy, pasting, correct, input, using, backspace, list, leaked, point, became, knowledge, often, shared, used, malware, groups, test, intended, educational, purposes, these, automatically, generated, building, tools, easy, testing, rather, weak, also, has, much, over, now, always, ships, respective, properly, basically, stating, provide, otherwise, supporting, architecture, version, accepts, choice, makes, sure, respect, means, only, very, same, use, requires, all, digitally, before, updated, achieve, maintain, keystores, plus, holds, digital, identifying, owner, distinctive, name, providing, hashes, allow, verifying, builder, preparing, recipes, known, failed, rbs, useful, links, sign, commits, replacing, proprietary, libraries, push, notifications, miscellaneous, yaml, running, mirror, fastlane, policy, new, inclusions, mirrors, donating, schedules, badges, shields, assets, apis, browser, binary, transparency, logs, scans, initializing, search, free, world, under, threat, google, changing, way, apps, help, keepandroidopen, org, skip, content,


Text of the page (random words):
signing keys izzyondroid skip to content the free android world is under threat and izzyondroid with it google is changing the way you install apps on your device we need your help keepandroidopen org izzyondroid signing keys initializing search home about get started faq contributing documentation contact izzyondroid home about about security security apk scans binary transparency logs our repository browser reproducible builds signing keys resources resources apis assets badges shields schedules get started get started faq faq contributing contributing donating mirrors builders new app inclusions documentation documentation general general app inclusion policy fastlane running a mirror yaml metadata developer best practices developer best practices miscellaneous hints push notifications replacing proprietary libraries sign your commits useful links reproducible builds reproducible builds debug failed rbs establish an app for rb known verification builders preparing recipes rb hints for developers verification builder contact contact signing keys android requires that all apks be digitally signed with a certificate before they are installed on a device or updated to achieve this developers maintain one or more keystores plus the credentials to access them a keystore holds one or more of those digital certificates identifying their owner by a dn distinctive name and providing hashes which allow verifying the certificate when you install an app for the first time you establish a trust tofu trust on first use basically stating i trust the developer who built and signed this app to provide me with this app and future updates for it if the app is otherwise ok supporting your device s architecture android version etc android accepts your choice and makes sure to respect it which means updates for this app are only accepted if they are signed with the very same certificate now izzyondroid always ships the apks built and signed by their respective developers so we need to check they are properly signed for this we check the certificates on app inclusion we do not accept apks signed with debug certificates these are automatically generated by the building tools for easy testing and considered rather weak also the developer has not much control over them we do not accept apks signed with public certificates e g test keys intended for educational purposes etc we check against a list of leaked certificates i e certificates to be considered compromised as at some point keystore and credentials became public knowledge such certificates are often shared and used by malware groups we check against control characters contained within the subject and issuer of the certificate while this might not prevent your app from getting published it is considered bad practice control characters could be introduced by mistake when creating the certificate or keystore while entering dn details to prevent this from happening carefully enter your details without copy pasting and without having to correct your input e g using backspace with the initial apk accepted into our repository we pin its certificate by recording its hash with the app s metadata the keyword for that is allowedapksigningkeys so should the signing key for some reason change with an update such update would be rejected by our repo right away it could have been compromised e g by a malicious actor who gained access to the app s repository while those having the app already installed would be protected against such update already see tofu above this is to protect those wanting to install it for the first time should an apk signed with a different key arrive here we take proper measures to ensure it is justified for details see e g how to keep your key safe and what measures to take for the event of loss or if that s not possible the update stays rejected and future updates disabled until the situation could be solved or the app even be removed back to top made with material for mkdocs
Thumbnail images (randomly selected): * Images may be subject to copyright.GREEN status (no comments)
  • logo

Verified site has: 38 subpage(s). Do you want to verify them? Verify pages:

1-5 6-10 11-15 16-20 21-25 26-30 31-35 36-38


Top 50 hastags from of all verified websites.

Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

Header

HTTP/1.1 301 Moved Permanently
Location htt????/izzyondroid.org/about/security/SigningKeys/
Server Caddy
Strict-Transport-Security max-age=31536000
Date Wed, 15 Jul 2026 18:43:13 GMT
Content-Length 0
Connection close
HTTP/2 200
accept-ranges bytes
alt-svc h3= :443 ; ma=2592000
cache-control max-age=60, stale-while-revalidate=3600
content-type text/html; charset=utf-8
date Wed, 15 Jul 2026 18:43:13 GMT
etag sha256-535869ea5f6732319077e7b3370e80761acb438b4d35e816f33bdd4bc65af917
last-modified Fri, 05 Jun 2026 11:14:13 GMT
server git-pages (rage4-fra2)
strict-transport-security max-age=31536000
vary Accept-Encoding
via 1.1 Caddy
x-content-type-options nosniff
content-length 51513

Meta Tags

title="Signing Keys - IzzyOnDroid"
charset="utf-8"
name="viewport" content="width=device-width,initial-scale=1"
name="description" content="What is Android app signing, and how does IzzyOnDroid check signing keys?"
name="generator" content="mkdocs-1.6.1, mkdocs-material-9.6.21"
name="referrer" content="strict-origin-when-cross-origin"
http-equiv="Content-Security-Policy" content="default-src 'self'; child-src 'self'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: htt????/nlnet.nl/ htt????/img.shields.io; font-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"
property="og:type" content="website"
property="og:title" content="Signing Keys - IzzyOnDroid"
property="og:description" content="What is Android app signing, and how does IzzyOnDroid check signing keys?"
property="og:image" content="htt????/izzyondroid.org/assets/images/social/about/security/SigningKeys.png"
property="og:image:type" content="image/png"
property="og:image:width" content="1200"
property="og:image:height" content="630"
property="og:url" content="htt????/izzyondroid.org/about/security/SigningKeys/"
name="twitter:card" content="summary_large_image"
name="twitter:title" content="Signing Keys - IzzyOnDroid"
name="twitter:description" content="What is Android app signing, and how does IzzyOnDroid check signing keys?"
name="twitter:image" content="htt????/izzyondroid.org/assets/images/social/about/security/SigningKeys.png"

Load Info

page size51513
load time (s)0.273991
redirect count1
speed download188692
server IP 185.187.152.7
* all occurrences of the string "http://" have been changed to "htt???/"