Interesting. 10 of the 11 million possible trojan infected #android devices were from a Play store app, and the recommended solution is to only use Play store apps. I suppose I don't think EVERYONE should use other sources, but maybe the number one recommended solution for people shouldn't be to just use the Play store to avoid trojans. I think the concept of zap.store is more trustworthy as long as one knows to only install apps signed by trusted signers. That leads me to think though nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgprpmhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef02j4wvt is there a vetting process y'all go though before signing? Are there any ideas or things to come to make zap.store the most trusted? I wonder if a per release badge could be applied to app releases that says something like "this release is verified clean by <auditor/antivirus team>" https://www.tomsguide.com/computing/malware-adware/11-million-android-users-infected-with-dangerous-necro-trojan-how-to-stay-safe
Very interesting, and exactly what we seek to fix. Beyond curated relays and web of trust, there definitely are plans to incorporate external services reports for malware, reproducible attestations and much more - likely through a DVM open market. Some planned: https://github.com/zapstore/zapstore/milestone/3 nostr:nevent1qqs9up4jeehzxhxkdd269ygsyk7j3xu2fpcg2n64vvkhdkzqmzp9hacpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgs072l6htl2n4wrkq87dg59zwfrjqfxsreuhap6c4fj4pek490cquqrqsqqqqqp6tymtn