Regarding the different SHA1 signatures of software of the same version,
Closed this issue · 3 comments
Expected behavior
This file comes from:https://apkpure.com/cn/alipay/com.eg.android.AlipayGphone/variant/10.2.30.6427-APK
that file comes from:https://www.apkmirror.com/apk/alipay-com/alipay/alipay-10-2-30-6427-release/alipay-10-2-30-6427-android-apk-download/
Actual behavior
Steps to reproduce the problem
Please pay attention to the two download addresses, the SHA1 of the software with the same version number and the same variant is completely inconsistent, but the SHA1 of apkpure is exactly the same as the SHA1 I downloaded from google play, which makes me very worried, please tell me the answer,
Thank you for your reply, I also think that the software signature has always been proved to be very secure, but why are the MD5, SHA-1, SHA-256 of the same version provided by the two websites completely different, but the MD5, SHA-1 provided by apkpure , SHA-256 is exactly the same as I extracted after downloading from google store, can you explain the problem?