J
@light hi, it's very likely that Cwtch is signed on Google Play by Google instead of Cwtch, so we have Google's information in the database.
You should submit yours!
We have a process to add multiple legitimate signatures to a single app for cases like this, but our dataset criteria is to only add user-submitted hashes, so we need your help 
I'm testing out something new: https://discuss.privacyguides.net/t/verified-apps-app-for-android-pre-release/38348
Last week Privacy Guides posted about building a database of signing certificates for Android apps, so that people can validate their APK files against an independent source.
Now, I've released an (alpha) version of a new app which:
Checks the apps on your phone against our database, and let's you know which apps match, and
Makes it super easy for you to submit any apps you have installed which aren't in our database yet!
If you want to help submit your apps to our crowdsourced dataset, please give it a try and let me know what you think!
If anyone uses #AppVerifier on #Android we are hoping to publish a database of APK signatures to privacyguides.org soon, and are accepting crowdsourced submissions now: https://github.com/privacyguides/verified-apps/issues/new?template=app-submission.yml
If you can contribute some apps you use, we'd appreciate it!
RE: https://mastodon.neat.computer/@privacyguides/116534788653990992
This was one of @Em0nM4stodon's final projects she did with us, and I'm super happy to finally be able to share it with you all. It's a very comprehensive resource I hope privacy advocates will find valuable!
Our ongoing work at Privacy Guides doesn't come cheap. If you find the work we're doing valuable: reaching new audiences via video, reviewing new privacy projects, and creating resources and community for those passionate about data privacy; we greatly appreciate those who become a member or send us a one-time donation at https://www.privacyguides.org/donate