F-Droid (and even Google Play) verify APK signatures and hashsums.

The lack of integrity and authenticity verification in Obtainium (which just fetches APKs over HTTPS) certainly puts it at a severe disadvantage when it comes to security.

Obtainium is as censorship-resistant as possible, but we should be clear about the trade-offs. Unless there is a standard way for devs to publish hashsums and sigs on GitHub Releases that Obtainium could use for verification, things are not likely to improve.
nostr:nevent1qqsx38wrmgcf78fu7yntp6y4psmgq0x4fdr4vjy5k4wrltlszenz0lcpz9mhxue69uhkummnw3ezuamfdejj7q3qgcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqxpqqqqqqzvh4att