Oddbean new post about login | logout Both App Store iOS and Google Play Store don't have the ability for developers to sign builds, meaning whatever software you download from these places may have been modified after the creator submitted it.
So zap.store fixes this?
Yes, this particular part, it's also very ingrained, like older versions of cocoa pods (a dependency management tool) had an attack vector where while building you your app a malicious actor could inject dependencies you didn't even ask for, it's fixed in recent versions, but it was active for years, and developers didn't even know they were shipping malicious apps to their users.