Hello,
Sorry to bring this up again
But I’m confused about where is the recommended place is to get Cake Wallet for Android.
This page recommends Accrescent, but that repository doesn’t get updated as quickly.
I am not talking about Google Play or the Apple App store, but the foss/self-hosted alternatives.
Currently as of typing this:
- Accrescent (out of date)
- F-Droid repo (out of date)
- Github/Obtainium (up to date)
- Google Play store (up to date)
I was going to go with Obtainium because it looks like that gets updated faster, but the signing hash to use with app verifier appears to only be on your Github which somewhat defeats the purpose of verifying since it is on Github.
Where else can I get the signing certificate hash besides Github?
com.cakewallet.cake_wallet
C5:40:53:AB:0F:10:D9:54:17:62:A3:DA:76:65:AE:3D:BA:5E:7C:74:3A:B4:F1:08:A5:34:9D:62:AC:10:6E:F5
Thanks guys, your work is much appreciated!
2 Likes
Hi, no worries, nothing to feel sorry about here.
Techically, all 4 are recommended and official places to get Cake Wallet application and its updates from. Unfortunately some may lag behind more than others. I personally use Obtainium 9/10 times, but it becomes more of a personal choice or preference, in my humble opinion.
Accrescent got the very latest Cake and Cupcake builds about an hour ago and I confirmed with someone else on Discord that this was the case, for what it is worth. F-Droid is outdated, but will be updated within a couple of days or so. I can circle back and ping you when it’s been taken care of, if you’d like me to.
I’m not sure where else could you get the signing certificate from other than GitHub myself, but I’m happy to ask internally and get back to you on that! 
Much appreciated! Are the release times across the different places out of Cake Wallet’s hands? In that case I will probably stick to Obtainium as well.
Thank you! Here is some cake for you:
2 Likes
As far as I know, in Cake Wallet’s hands, they just aren’t handled by the same person for one, for two, they may experience delays if maintainer is traveling, on vacation, can’t do it right there and then, and so forth…
I asked for you and unfortunately they don’t see a need to have the signing key posted elsewhere besides GitHub, at least not now… 
but hey, if you want to share reasons as to why we should, I’m happy to pass those along as well and discuss, if need be.
Thank you!
The reason why you would want the signing key available in multiple locations is if somehow Cake Wallet’s Github account was compromised, the attacker could change the binaries being released, and then also change the signing key to match the malicious binaries so no one would even know.
If the signing key is in multiple places, then the attacker would have to hack the Github and the {twitter account, this forum, etc} to also replace the signing keys.
2 Likes
