Reproducible Builds: Verify our Android app builds bit-for-bit

Starting with version 2025.2, our Android app builds are reproducible. This means you can verify that the app you download and install is built from the open source code we publish.

What are Reproducible Builds?

A build is reproducible if: given the same source code, build environment and build instructions, any party can recreate bit-for-bit identical copies of all specified artifacts.

For a build to be reproducible, the build output must not include any information that would vary depending on when it is built or on what machine it is built (such as timestamps or file paths). For a deeper dive, check out the resources at reproducible-builds.org.

Why does this matter?

Reproducible builds provide a strong guarantee that the app you install hasn’t been tampered with. When builds produce bit-for-bit identical results, it provides assurance that:

•     The published source code matches what’s actually distributed to users.
•     No unintended modifications occurred during the build process.

We believe transparency is crucial for security software. Investing in reproducible builds is a testament to our commitment to providing you with a trustworthy and secure application.

How to verify

We encourage technically inclined users to verify our builds. You can find instructions on how to perform the verification process in our Git repository.

To help ensure we are able to produce reproducible builds over time we have added initial such checks to our continuous integration (CI) environment.