Checksum

The idea behind Checksum is to have a centralized, user-data-driven way to check an app (apk) checksum, in the same way that a Linux package (on Ubuntu, for instance) is checked for gpg signature.

Since such checksums are not available, the database is constantly being builded up and improved thanks to users' contributions: each user, by simply using this app, automagically submits his apps checksums, which, in turn, are checked with other values submitted by other users: a final "report" drawn up according to the "statistic diffusion" of hashes lets this application show, for each featured app, a value of "goodness" that is to say how many users have the same hash of yours!

It's important to specify that Checksum doesn't carry out malware or other antivirus-like checks, only a simple check about the app checksum,

that is to say a check about the app integrity.

** Okay, but what's the point of all this? Why?

Because a lot of malwares (or malicious behaviours) are spread by modifying some apps "in the wild",decompiling and repacking them with some "unofficial" features.

Checking the checksum could help understand if an app, installed from an alternative market or from other sources, is by any means "different" from the same app on other devices.

Have you read of Masterkey bug on Android? This could help!

** How do you define the "same" app?

We use package name, version name, version code and signature to identify an app univocally.

** What about the notifications?

Each time you install or update A new app on your device, it will be automagically checked by this app: don't worry, no personal information, only app data and signature.

** What if I'm a developer and I have made changes to my app on device?

If you run your app from Eclipse (or other IDE) directly on your device (and you have this app) you'll see the "goodness" of your app decreasing.

But don't worry, since this information is based also on signature (and you're using your debug key to test your app,aren't you?), your official app on the market (signed with your developer key) will always be identified differently, and "reported" as a different app to our system.

** What about the report? Red values? Green Values? N/A?

A value in red IS generally an indicator that the hash calculated from the app on your device is very different from the majority of reports.

A value in red identifies an app that is identical to the majority of reports.

A N/A report is returned when we don't have enough data on our system to give you a good report about it: retry later, wait for some users reports (or ask friends to contribute)!

** Ideas? Contribute? Write to us!

If you think of any ways to improve this app, or if you want to use our data, feel free to write to us! mobile AT rehacktive.net

And of course, the more people use this app, the more "statistically good" information you'll have about your apps! So invite your friends to collaborate…it's free, no ads!