Oddbean new post about | logout
Garlic | 3 months ago (raw) | root | parent | reply | flag 
 How can I trust in apps signed by you? How I can verify that's the same signature? Your app not even (yet) has integration with AppVerifier like Accrescent
Zapstore | 3 months ago (raw) | root | parent | reply | flag +1 
 Inspect the source code and build the APK yourself. There is a file integrity hash check and an APK certificate hash check but Android enforces this validation anyway. 

For first installs you're choosing to trust AppVerifier and not zap.store, that's okay. I can't change who you trust. 

However, developers will start signing apps via nostr events so on zap.store you'll be able to check that with your web of trust (via a service or manually)