One of zap.store's goals is to finish what PGP never could.
I share your concern, and to bridge the PGP-nostr gap we have NIP-39 cryptographic identities that will soon be integrated into zapstore-cli.
https://github.com/nostr-protocol/nips/pull/1335
Other tools could be built to leverage these events and feed them into OpenKeychain, for example.
That said, you mention "updates" and a phone, which I suppose is Android. Keep in mind that the OS handles this verification for you, so no worries except on first install.
nostr:nevent1qqs0jls3pxsvs792443sdlg8f673f237hx4gfe3f5gl9fq3uv2a0zngpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg8dk3czwy5h43dxrunh70x3fhj5celttnxjpmcdnhefhcvxskasqspsgqqqqqqsmtjg7h