How do you check apk signatures via Obtainium?
TIL: You can use Obtainium as a complete f-droid client replacement
Obtainium just keeps surprising me. Yesterday through nostr:npub1tr4dstaptd2sp98h7hlysp8qle6mw7wmauhfkgz3rmxdd8ndprusnw2y5g I found out you can add f-droid apps (even from 3rd party repos) to Obtainium and even search for them!
I tried to migrate all my f-droid apps to it and managed to do it. I even uninstall the fdroid client I was using: droid-fy.
Discussion
You don't, unfortunately.
That's why Obtainium is a bad option when it comes to security.
Using official repository of F-Droid you mitigate cyber risk.
That's not true. You are just trusting fdroid maintainers since they are the ones signing apks with their keys.
You're using a centralized curation service. Arguing that is more "secure" is very dubious.
If the original devs don't provide sigs, there's not much you can do.