We definitely should look at how to achieve this. I'd love to have obtainium verify that APKs are signed by the developers and nostr would be ideal for this purpose. Obtainium would have to add nostr features like websockets and event signature verification support. I wonder if they'd consider a PR.

I'd imagine we'd have to get a userbase of freedom projects first.