Submit Android apps to our AppVerifier database
Privacy Guides Community [Unofficial]
June 1, 2026
If you are interested in an update, we now create an artifact via a reusable workflow:
github.com/privacyguides/verified-apps
.github/workflows/create-artifact.yml
0e31bb824
name: Create data.yml artifact
on:
workflow_call:
inputs:
ref:
description: Git ref to checkout (commit SHA or branch; default is the triggering ref)
type: string
required: false
default: ""
jobs:
artifact:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v6
This file has been truncated. show original
And then attest that artifact with a separate org-wide reusable workflow in a different repo:
github.com/privacyguides/.github
.github/workflows/sign-artifact.yml
4e59f962b
name: Sign Artifact
on:
workflow_call:
inputs:
artifact-path:
required: true
type: string
description: "Path to the artifact to be signed"
artifact-name:
required: true
type: string
description: "Name of the artifact to download"
jobs:
sign:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
This file has been truncated. show original
Called from
github.com/privacyguides/verified-apps
.github/workflows/new-submission.yml
0e31bb824
1688. uses: privacyguides/.github/.github/workflows/sign-artifact.yml@5c41b37a937aab5e50262f3ab672fc9b9438dbf9
1689. with:
1690. artifact-name: database
1691. artifact-path: data.yml
And
github.com/privacyguides/verified-apps
.github/workflows/publish-release.yml
0e31bb824
21. uses: privacyguides/.github/.github/workflows/sign-artifact.yml@5c41b37a937aab5e50262f3ab672fc9b9438dbf9
22. with:
23. artifact-name: database
24. artifact-path: data.yml
So the build signer URI will always be https://github.com/privacyguides/.github/.github/workflows/sign-artifact.yml@5c41b37a937aab5e50262f3ab672fc9b9438dbf9.
Discussion in the ATmosphere