Bitcoin Forum

Bitcoin => Bitcoin Wallet for Android => Topic started by: Ajak on July 20, 2024, 01:53:42 AM



Title: Bluewallet Installation File Verification
Post by: Ajak on July 20, 2024, 01:53:42 AM
On macOS I downloaded BlueWallet-6.6.8.apk & BlueWallet-6.6.8.apk.sig from https://github.com/BlueWallet/BlueWallet/releases.

When I verify the file I get:
"Untrusted Signature
The signature of this message is valid but untrusted. That means it has not been tampered with. It is untrusted though, because the key has not yet been verified".

I uploaded BlueWallet-6.6.8.apk to - https://apkpure.com/apk-signature-verification & got this response:

"[Not Trusted] This BlueWallet-6.6.8.apk APK is a modified version, we don't recommend installing it".
Package Name : io.bluewallet.bluewallet
Signature : 26967bfb93f2e496d9829c6fae8a4a6c3de2df12
File SHA1 : ab86f34d0eccdddd504b2d50665fecf769f3196a
File Size : 64.7 MB

Is the file safe to install on Android? How do I find the key ID of the APK file? What is the correct file verification process? ???


Title: Re: Bluewallet Installation File Verification
Post by: Pmalek on July 20, 2024, 07:11:19 AM
You also need the public key of the developer who signed and released the software. That way, the verification will prove whether the application was signed by the correct person or not. Now that I think about it, I have never come across a tutorial or post on Bitcointalk that discusses the verification of executables of BlueWallet.

Try with this key (https://bluewallet.io/pgp/). It says that it's for BlueWallet maintainers. Import it into Kleopatra. I have never used macOS, so I am not sure what software you need to use for the verification.
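
The distinction raised in this thread, a signature that is valid versus one made by the key you expect, can be read from gpg's machine-readable status output. The script below is an added example, not part of any post and not BlueWallet's or GPG Keychain's own tooling; the function names, the sample status lines and the fingerprint in them are constructed, and the expected fingerprint is assumed to come from a source independent of the download.

```shell
#!/bin/sh
# Added example (not from the thread): pin the signer's fingerprint instead of
# relying on the keyring's trust setting.

# check_status EXPECTED_FPR: reads `gpg --status-fd` lines on stdin.
# Succeeds only if a VALIDSIG line names EXPECTED_FPR (as signing key or as
# primary key) and no failure status is present. TRUST_* lines are ignored on
# purpose: the pinned fingerprint takes the place of keyring trust settings.
check_status() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 2
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: $3 = signing (sub)key fingerprint, last field = primary key
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# verify_release KEYFILE EXPECTED_FPR SIGFILE DATAFILE
# Uses a throwaway keyring so that keys already present in the user's own
# keyring cannot satisfy the check.
verify_release() {
    home=$(mktemp -d) || return 2
    chmod 700 "$home"
    gpg --homedir "$home" --batch --quiet --import "$1" 2>/dev/null
    gpg --homedir "$home" --batch --status-fd 1 --verify "$3" "$4" 2>/dev/null \
        | check_status "$2"
    rc=$?
    gpgconf --homedir "$home" --kill all 2>/dev/null
    rm -rf "$home"
    return $rc
}

# Constructed sample (not real BlueWallet output): a valid signature from a
# key without ownertrust, i.e. the "valid but untrusted" case.
sample_untrusted() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-07-01 1719792000 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Run as: sh script KEYFILE EXPECTED_FPR SIGFILE DATAFILE
if [ "$#" -eq 4 ]; then verify_release "$@"; exit $?; fi
```

An exit status of 0 means the detached signature is cryptographically valid and was made by the pinned key; it says nothing about the APK's own Android signing certificate, which is a separate check.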


Title: Re: Bluewallet Installation File Verification
Post by: Ajak on July 20, 2024, 10:13:13 AM
GPG Keychain. 8)


Title: Re: Bluewallet Installation File Verification
Post by: Ajak on July 21, 2024, 02:52:44 PM
The help files in GPG Keychain solved the untrusted issue; however, the apkpure.com scan still flags the file as unsafe to install. ???


Title: Re: Bluewallet Installation File Verification
Post by: logfiles on July 21, 2024, 10:41:09 PM
Quote from: Ajak on July 21, 2024, 02:52:44 PM
"The help files in GPG Keychain solved the untrusted issue; however, the apkpure.com scan still flags the file as unsafe to install. ???"

Perhaps a false positive.
I think you should reach out to the APKPure support or community for a much more satisfactory answer. You can do this for BlueWallet support alike. Maybe they know about the false flag or what could be missing.