Why top1iq.com is 100% safe?
Note: We’ll decline all APKs with ‘debug’ certificate, which are not safe.
Trusted Badge
Official records from top1iq and Google Play confirm that the developer used a trusted and verified digital signature. The downloadable file is original and it has not been modified in any way.
Why using SHA1 to check the identification of certificate is safe?
That’s a cryptography problem. Please refer to the following authoritative information to check the reason.
How do we make sure the updated Apps are real and created by the respective developers?
1. All top1iq.com apps are verified prior to publishing.
2. We make sure that the cryptographic signatures for new versions of all previously published apps match the original ones, which means we know if the new version APKs were signed by the real devs or someone pretending to be them.
3. For new apps that have never been published on top1iq.com, we try to match the signatures to other existing apps by the same developer. If there’s a match, it means that the same key was used to sign a previously known legitimate app, therefore validating the new upload. If we’re unable to verify the legitimacy of a new APK, we will simply not publish it on top1iq.com.
References
1.Wiki:Android application package
3.Application Signature Verification: How It Works
4.Understanding Signing and Verification
5.X.509 Certificates and Certificate Revocation Lists (CRLs)
