I tested several third party app stores. But found direct download of the APK from https://stashpay.me had the best UX. The APK is signed with the developer key. So it‘s a TOFU (trust on first use) model if you trust the TLS cert on the first install. Subsequent updates of the APK would verify the developer signing key. What‘s the advantage of using third party app stores? They don’t do auto-updates as far as I understand?
No they do handle updates - I'd also prefer zap.store and GitHub (Obtainium) as the distribution method
Updating required an action for me. Is that desired or can that be automated? I‘m an iOS user. So I don‘t have much experience with these stores.
It can be automatic if you want, personally I prefer to manually pull them.
Got it, I‘ll keep digging then. Appreciate the feedback 👍🏼
Pushing an update to zap.store is super easy (command line tool, that signs events with your nsec). App is then discoverable and updatable - and soon zappable. Happy to whitelist you in our relay if interested.
Thank you for the info. Really appreciate it! I’m not so worried about pushing updates from the developer side. I can automate with Fastlane, npm scripts and Github Actions doing the heavy lifting there. I’m more concerned about the install/update UX for users… there are quite a few more steps required to download a third party app store and then navigate to install/update the app vs just clicking “Download APK” on the StashPay website. Users come to the website and TestFlight mostly via my tweets. I haven’t gotten much traction on Nostr so far unfortunately. Not sure if it’s because people don’t like Liquid over Ecash or if it’s because StashPay isn’t open source? I’ve built open source stuff for 12 years and have not found a viable business model there yet. So I’m self-funding and trying to figure out if I can find customers with a proprietary app+service for businesses. I’m open to open sourcing though once I understand my customer better and the app is out of beta. But I’m also open to feedback in this regard in case closed source is absolutely a no-go for folks. When I tried zap.store I needed to update apps manually. I know auto-updates are frowned upon by many bitcoiners. And this is understandable for onchain/savings wallets and consensus updates for bitcoin core. But auto-updates seem appropriate to me for more complex apps holding smaller amounts like lightning spending wallets (especially for security updates). It seems like I can get that with auto-updates on Google Play and manual APK installs via my website. Also, which nsec do developers generally use to sign APKs in zap.store? I assume they don’t paste their primary nsec into a CI?
All good. - Closed source apps totally allowed in zap.store - Auto updates and other features are not there due to lack of time, not against it. All that's coming - Would not recommend pasting nsec in CI, we'll get NIP-46 signing in the future If I were you I'd try to put the app in as many places as possible. Make it easy to update, APK should be in Github releases. So then its updatable via Obtainium. If you don't wanna sign thats ok, I'll add your app to our indexer and it will still be available to users, without you doing any extra work
tldr: APK on Github Also, I like what you're doing with your app. Liquid makes a lot of sense. There are so many bitcoiners that just don't get it
Thanks for all the feedback. That all makes sense. I’ll try and get an APK on github releases in a second repo (until I open source the app repo). Then test how that works with the different app stores. It might break updates once I change the repo though. But I’ll see what works 👍🏼
So I tested Optainium and it worked fine. Do people usually copy/paste a github url themselves when installing a new app?
I either C/P, or there's a search function in the app that works on GitHub. Thanks for checking out Obtainium!🙂
Besides the possibility to ditch Google is apple by using third party app stores, nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgzqtdq0 also enables you to enter your nostr npub and get recommendations by npubs you follow and maybe "trust" when it comes to the capabilities of apps.