When it comes to crypto security, you can never be too careful because hackers always find ways to crack or hack your security. So best practices is the best.
I am truly paranoid when it comes to OPSEC. Because website checkers come and go. I check certificates myself if site is genuine. In Chrome, after going to Binance.com, you click the “view site information” icon and then click “connection is secure” and then click “certificate is valid”. You should see SHA-256 Fingerprints.
Currently Binance.com is:
Validity until: February 11, 2025 SHA-256: a26834e9071cbf6a00fc6936c9955f4fe345fc83c03960cc289e3642041ce512
I named my Binance website browser shortcut as a26-512 to note fingerprint. So everytime I log in I check.
Windows Desktop App
Download the installer and right-click check properties. Click digital signatures tab, pick sha-1 or sha-256 and click details, click view certificate, note validity period of signature and then click details tab and then scroll down to thumbprint, you should see the below:
Validity until: December 31, 2024 SHA-256: 9e0dd4fea8e343c257076fb506ceed9c48b32a7f
This will be the thumbprint for all versions until end of year.
Binance Android App
I prefer to download from Binance itself, not sure if Google Playstore is hackproof in the future. Anyway, download the android app at Binance. Check the checksum of the APK for reference. I use 7-ZIP to check:
Size: 187865441 bytes (179 MiB)
According to Google Playstore, this version is 2.78.4. Install apk and then disable auto-updating the app in Playstore.
PS: I will update this post if checksum values change in the future.