You can download the app for free in the Apple App Store or in the Google Play Store.
For regulatory reasons, the iOS app is unavailable in the following countries: Kosovo, North Macedonia, Egypt, Iraq, Mali, Chad, Cote d’Ivoire, Algeria, Afghanistan, Yemen, Libya, Eswatini, the Democratic Republic of the Congo, Zimbabwe, Liberia, Mauritius, the Republic of the Congo, the Bahamas, Bolivia, El Salvador, Mainland China, Nepal, Myanmar and Morocco.
Verifying the LIQUID .apk file
For users who prefer or need to sideload the app, we provide the .apk file directly on our website. To ensure the security and integrity of the application, we recommend verifying the .apk file before installation (see below). Also, keep in mind that you will need to manually install updates yourself.
- Download the .apk file here: liquid-297.apk
Verify the integrity of downloaded file with the sha256 hash of the NGRAVE signing certificate:
55d2e38b1e718a501d9a34b72d21a6e23937dd06f94eee53a5c9aacc3fa44dd6
Or, formatted as a fingerprint:
55:D2:E3:8B:1E:71:8A:50:1D:9A:34:B7:2D:21:A6:E2:39:37:DD:06:F9:4E:EE:53:A5:C9:AA:CC:3F:A4:4D:D6
On Android (Using APK Analyzer)
You can verify the .apk file directly on your Android device using the APK Analyzer app.
APK Analyzer is an open-source tool that provides detailed reports of installed apps and APK files stored on your device. It offers insights into app naming and version data, target and minimal Android versions, install and update dates, certificate and app sign data, used permissions, and more.
- Download and Install APK Analyzer:
- Google Play Store - https://play.google.com/store/apps/details?id=sk.styk.martin.apkanalyzer
- APK mirror - https://www.apkmirror.com/apk/martin-styk/apk-analyzer/
- Open APK Analyzer.
- Open the context menu of APK Analyzer (3 dots in the top right) and select Analyze APK from external file.
- Browse to the downloaded .apk file, select it and tap Done.
- The sha256 hash of the signing certificate can be found under the tab Certificate.
Compare the sha256 hash of signing certificate: ensure that the displayed certificate hash matches the official hash provided above.
Example of the output in APK Analyzer
On Desktop (Using apksigner or keytool)
Users on Windows, macOS, or Linux have 2 options:
- You can use the Android SDK tools to verify the .apk file with apksigner.
- Or you can manually extract the certificate from the APK and verify its details with with keytool from Java.
Option 1: Using apksigner (Android SDK)
- Download and install Java.
https://www.java.com/en/download/ - Obtain the apksigner tool.
Apksigner is included in the Android Studio software development kit: https://developer.android.com/studio.
Or you can download the standalone version separately using the following links: - If you have Android Studio installed, apksigner can be found in your SDK/build-tools folder. To find the location of your SDK folder, open Android Studio and go to Projects → More actions → SDK Manager.
For example:- macOS -
/Library/Android/sdk/build-tools/<version>/apksigner - Windows -
C:\Users\<You>\AppData\Local\Android\Sdk\build-tools\<version>\apksigner.bat
If you downloaded the apksigner standalone version using the links above, unzip it to any convenient location. - macOS -
- Open Windows PowerShell or the Command Prompt on Windows, Terminal on macOS, or a terminal window on Linux and run the verification command.
For example, on Windows with Android Studio installed:[Path to apksigner] verify --print-certs [path to APK file]
On macOS or Linux with the apksigner tool unzipped to the~/Downloads/android-14 folder.C:\Users\Ngrave\AppData\Local\Android\Sdk\build-tools\34.0.0\apksigner verify --print-certs C:\Users\Ngrave\Downloads\liquid-2.9.5.apk~/Downloads/android-14/apksigner verify --print-certs ~/Downloads/liquid-2.9.5.apk - Look for the line beginning with
Signer #1 certificate SHA-256 digest
If the two checksums match, you know the APK file is secure and can be trusted.
Example of the command and output with apksigner for the LIQUID 2.9.5 release
Option 2: Using Keytool (Java SDK)
Alternatively, you can manually extract the signing certificate and verify it with keytool.
- Download Java Development Kit (JDK):
- https://adoptium.net (recommended open-source JDK)
- Or from Oracle: https://www.oracle.com/java/technologies/javase-downloads.html
- Install the JDK for your operating system.
- Verify keytool is installed by running:
keytool -help - An .apk file is a sort of a library, which can be unpacked similar to a .zip file. You may need to do this multiple times, until you see a folder structure.
You can find the signing certificate in META-INF >> RELEASE.RSA - Open Windows PowerShell or the Command Prompt on Windows, Terminal on macOS, or a terminal window on Linux and run the verification command.
keytool -printcert -file [path to RELEASE.RSA] - Look for the relevant output:
Owner: O=ngrave
Issuer: O=ngrave
(...)
Certificate fingerprints:
SHA256: 55:D2:E3:8B:1E:71:8A:50:1D:9A:34:B7:2D:21:A6:E2:39:37:DD:06:F9:4E:EE:53:A5:C9:AA:CC:3F:A4:4D:D6 - Compare this SHA-256 value with the official LIQUID signing certificate fingerprint listed above.
Note that keytool displays the value in a 'fingerprint' format, which is the same value in uppercase and separated by colons.
Example of the command and output with keytool for the LIQUID 2.9.5 release