Install Sendant directly — and verify it's really us
Updated 11 July 2026
For de-Googled phones, GrapheneOS, restricted regions, or anyone who would rather check every byte than trust a store. Download the app, confirm it was signed by Sendant, and install — three steps, each one you can verify yourself.
Why this page exists: if you can't or won't use the Play Store, you shouldn't have to take a download on faith. So we don't just hand you an APK — we hand you the signing-certificate fingerprint and the exact command to check it. If the fingerprint matches, the app was built and signed by Sendant and nobody altered it in between. That check is the whole point, and it takes about thirty seconds.
Prefer a store? Google Play · F-Droid (planned). Whichever source you use, the signing fingerprint below is how you confirm the copy is genuinely ours.
Three steps, and what each one proves
-
1 · Download the APK
Tap the button above. Your browser may warn you about downloading an APK — that's expected for any file that isn't from the Play Store, and it's exactly why the next step exists.
Proves nothing yet — a download alone is just bytes. Don't install it until step 2 checks out.
-
2 · Verify it was signed by Sendant — the step that matters
Every Android app is signed with a private key only its developer holds. You can read the fingerprint of that key off the file you just downloaded and compare it to ours. If they match, this APK genuinely came from Sendant and hasn't been modified.
On a computer with the Android SDK (build-tools):
# reads the signing certificate out of the downloaded file apksigner verify --print-certs sendant-1.0.93.apkThe "SHA-256 digest of certificate" it prints must equal:
2128421c489906f43fac5c44dc610e8ac2c3bde8a1ee42ded2466139ab36f0f2Proves the app came from Sendant, unaltered. A matching fingerprint means this APK was signed by the holder of Sendant's private key and changed by no one since. Record this value, and treat a fingerprint that ever changes as a reason to stop and check.
Don't take that fingerprint from this page alone — cross-check it against DNS:
# the same fingerprint, published on separate infrastructure dig +short TXT _sendant-direct.sendant.ioThe TXT record answers with
…sha256=2128421C…F0F2— the same fingerprint as above. It lives in DNS, behind a different service and permission boundary than this page, so whoever could tamper with the download page can't, with that access alone, also rewrite this record. If the value on the page and the value in DNS ever disagree, or either one differs from what your APK prints, stop and don't install. Honest limit: this page is served from AWS and the DNS record lives on a separate DNS provider (DNSCove) — two independent accounts, so compromising either one alone can't forge both; only someone holding both credentials could. It is a strictly stronger check than a fingerprint you could only read in one place.Optional — also check the file didn't corrupt in transit:
# macOS / Linux shasum -a 256 sendant-1.0.93.apkExpected SHA-256:
e3c9a79d875cc2b8842e335e97b3fb22e2cca581ab3f788ea78e5a0430c4ea08A matching SHA-256 only means the download wasn't corrupted or truncated. It is not proof of authenticity on its own — whoever controls a website controls both the file and the hash printed next to it. The signing fingerprint above is the real anchor; treat the hash as a bonus integrity check.
-
3 · Install
Open the downloaded file. Android will ask permission to install from this source the first time — grant it for your browser, then confirm the install. On GrapheneOS and most de-Googled ROMs this is the normal, built-in flow.
You're done. You installed an app whose author you cryptographically confirmed — which is more than a store install lets you do yourself.
This is a separate app from the Play Store version
The direct build has its own package id (io.sendant.direct) and its own signing key, so Android installs it alongside a Play Store copy instead of updating it. That's deliberate: Google holds the signing key for the Play build, so a self-signed update can't replace it — Android would reject it as a different signer.
Why you should care: your Sendant identity is a cryptographic key that lives inside one specific install. Two installs = two separate identities and two separate contact lists. Pick one build per device and stay on it. If you're moving from the Play version, tell your contacts your new handle first — there's no automatic migration, by design, because we never hold your identity for you.
Keeping it updated
Outside the Play Store, updates don't arrive automatically yet. Two honest options today:
- Check back here. New signed releases are posted on this page, each with its own fingerprint to verify the same way. Because every update is signed with the same key, your device installs it cleanly over the current one — that's the payoff of verifying the fingerprint once.
- In-app update check — the app checks for you: Settings → Check for updates compares your build against the latest signed release and points you back here when a newer one is out. Checking this page every few weeks still works if you'd rather look yourself.
Honest status
The bounds matter more than usual here, because this audience checks:
Is Sendant independently audited?
Not yet. The cryptography uses well-understood primitives — X3DH and the Double Ratchet, the same as Signal — but an external security audit is planned and not yet done. Verifying the signing fingerprint proves the app is authentic (really from us, unmodified); it does not substitute for an audit of the code itself.
Does it work on GrapheneOS / a de-Googled phone?
Yes — the app runs without Google Play Services. One caveat we won't hide: background push notifications use Firebase Cloud Messaging, so on a fully de-Googled device without Play Services you may not get instant alerts while the app is closed, and may need it open to receive messages promptly. Messaging, encryption, and calls otherwise work normally.
Can I build it from source myself?
No — Sendant's source is private and stays private, so there's no public repository to compile and no bit-for-bit reproducible build to reproduce (which is also why Sendant isn't on F-Droid, which requires buildable public source). The way you confirm authenticity is the signing-certificate fingerprint and SHA-256 hash published here: check them before you trust an APK. We'd rather tell you exactly what you can verify than imply source you'll never get to read.
What permissions does it ask for, and why?
Notifications (to alert you to new messages), and microphone/camera only when you start a voice or video call. No contacts access — Sendant has no phone-number or address-book directory by design. No analytics or tracking in the app, ever.
Not sure yet? Try it with zero commitment
No phone number, no email, no account, no install. Open it in a browser and see how it feels first.
Open web app Compare messengers