Check APK authenticity

Does anyone know of a way to verify the signing certificate on an APK so it matches a SHA256 fingerprint?

Preferably on grapheneOS itself otherwise I'll need to mess around for authentication on my laptop.

If it's not possible maybe a good idea for an inbuilt grapheneOS app in the future.

My use case is checking signal apk from https://signal.org/android/apk/ if anyone is wondering.

AppVerifier is an app developed by a GOS community member.

Dumdum pretty sure I stumbled upon that ages ago but forgot the name. I'll check it out.

justinc Np. Right now I would say we are in a chicken and the egg situation. Hopefully it can all get figured out soon

I am unable to mark it as solved I may not have the level of privileges to do so.

The AppVerifier works fine if you have the SHA256 fingerprint to cross reference.

I'm using it for signal which gives you the fingerprint to reference.