Only the latest version is supported for bug fixes and security patches. Please keep the app updated to the latest version.

If downloading the app from other sources than Google Play or this repository, it is recommended to verify the APK before installation. This ensures the downloaded app is an official copy of Choona.

To verify the downloaded app before installing it, you can use the apksigner tool in the Android SDK Build Tools.

Use the following command to check the SHA-256 signing certificate fingerprint of the downloaded APK:

apksigner verify --print-certs [path to Choona APK]

The SHA-256 signing certificate fingerprint should match the following:

C8:AA:2E:57:D2:17:7B:0F:72:15:63:EC:DC:C6:80:51:DA:AE:4C:01:77:39:0E:F8:27:94:3C:3D:7E:22:A3:7B

This is listed as Signer #1 certificate SHA-256 digest in the command's output.

You can confidentially report security vulnerabilities here.