Interesting. 10 of the 11 million possible trojan infected #android devices were from a Play store app, and the recommended solution is to only use Play store apps.

I suppose I don't think EVERYONE should use other sources, but maybe the number one recommended solution for people shouldn't be to just use the Play store to avoid trojans. 

I think the concept of zap.store is more trustworthy as long as one knows to only install apps signed by trusted signers. 

That leads me to think though nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgprpmhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef02j4wvt is there a vetting process y'all go though before signing? Are there any ideas or things to come to make zap.store the most trusted?

I wonder if a per release badge could be applied to app releases that says something like "this release is verified clean by <auditor/antivirus team>"

https://www.tomsguide.com/computing/malware-adware/11-million-android-users-infected-with-dangerous-necro-trojan-how-to-stay-safe