Makes sense, but I am not sure if the trade-off is that much. In the PlayStore, you have to TRUST Google to not fuck around in first-time installs. There is no first-install check in the PlayStore for those attack vectors either.
Have you heard of https://github.com/soupslurpr/AppVerifier ?
It's at least an attempt to have a sort of community-run trusted attested developer keyring. Obtainium was considering some kind of integration.
Like I said, trusting Google/F-Droid to attest first-time installs is arguably better (security-wise) than expecting common users to attest each app vendor individually.