Nostr or the like wont be involved for Accrescent, it's been designed to compliment ...

Why Nostr? What is Njump?

final [GrapheneOS] 📱👁️‍🗨️

npub1c9…7sqfm

2024-07-21 23:47:21

in reply to nevent1q…49gs

Nostr or the like wont be involved for Accrescent, it's been designed to compliment GrapheneOS to be a private and secure app store in the same fashion that GrapheneOS is. There had been interests for us using Accrescent for a long time and this addition coming in a time where people are into using other app stores is just a coincidence. Accrescent has been in active development and maintenance since 2021 and we had expressed interest to mirror it in our Apps app for a while.

> Accrescent's catalog is maintained by a respected community member and checks dev signatures on a third-party database on Github. Correct me if I'm wrong.

This is not done through GitHub rather Accrescent's own hosted infrastructure. When you open the app it will download the current repository metadata JSON which has the app names, ID, signing cert hashes, etc.

> Users will be able to cryptographically verify an artifact came from a developer using nostr. They can do so directly, relying on a web-of-trust check, or indirectly via curators (choose your own walled gardens).

For Accrescent, apps are verified by key pinning of the apps and signing of the app store's repository data. The repository is signed by Accrescent and verified with the repository data public key (hard coded into the app) before it can be fetched. It has downgrade protection and also has a minimum revision hard coded to protect against being served old metadata on first use. It also can support key rotation.

Downloading an app will make the client check the signed repository metadata and compare the app's certificate hash, minimum version, and app name from the signed repository metadata. If any of the parameters do not match it will not install the app for you. For updates it does not matter as Android won't let you update apps with a different certificate than your currently installed version.

Minimum version protects against first install of an insecure, older version, and app name protects against malicious copycat apps.

When someone submits an app on the Accrescent developer console (whitelist only right now) for the first time, it will put a hash of their app's signing key to the repository metadata. This makes sure users are only downloading apps by the real developer.

Author Public Key

npub1c9d95evcdeatgy6dacats5j5mfw96jcyu79579kg9qm3jtf42xzs07sqfm

Show more details

Published at

2024-07-21 23:47:21

Kind type

1 Short Text Note

Event JSON

{ "id": "108862a2abeeb294863d22572be1d96395e27842f6efc3c4e3ce808e530f159d", "pubkey": "c15a5a65986e7ab4134dee3ab85254da5c5d4b04e78b4f16c82837192d355185", "created_at": 1721598441, "kind": 1, "tags": [ [ "e", "0b6a451bd34613caffaea17962e120e2a94a7741b2d0ee5d216937ec54c6f5c1", "", "root" ], [ "e", "5f9cf7f9b5f88e5faf4ae0da75482478d944236ffd6ef543c6bc707ec56f119d" ], [ "e", "b3af7e4caa96d45cf34b13fd780039ecbeea13ec1819084a052e8437a2f7795b", "", "reply" ], [ "p", "c15a5a65986e7ab4134dee3ab85254da5c5d4b04e78b4f16c82837192d355185" ], [ "p", "78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d" ], [ "p", "f7f60d83477d6ba861a86328784d1f1c6ea0df2f7aee04e5eb7763f3829b16f9" ] ], "content": "Nostr or the like wont be involved for Accrescent, it's been designed to compliment GrapheneOS to be a private and secure app store in the same fashion that GrapheneOS is. There had been interests for us using Accrescent for a long time and this addition coming in a time where people are into using other app stores is just a coincidence. Accrescent has been in active development and maintenance since 2021 and we had expressed interest to mirror it in our Apps app for a while.\n\n\u003e Accrescent's catalog is maintained by a respected community member and checks dev signatures on a third-party database on Github. Correct me if I'm wrong. \n\nThis is not done through GitHub rather Accrescent's own hosted infrastructure. When you open the app it will download the current repository metadata JSON which has the app names, ID, signing cert hashes, etc.\n\n\u003e Users will be able to cryptographically verify an artifact came from a developer using nostr. They can do so directly, relying on a web-of-trust check, or indirectly via curators (choose your own walled gardens).\n\nFor Accrescent, apps are verified by key pinning of the apps and signing of the app store's repository data. The repository is signed by Accrescent and verified with the repository data public key (hard coded into the app) before it can be fetched. It has downgrade protection and also has a minimum revision hard coded to protect against being served old metadata on first use. It also can support key rotation.\n\nDownloading an app will make the client check the signed repository metadata and compare the app's certificate hash, minimum version, and app name from the signed repository metadata. If any of the parameters do not match it will not install the app for you. For updates it does not matter as Android won't let you update apps with a different certificate than your currently installed version.\n\nMinimum version protects against first install of an insecure, older version, and app name protects against malicious copycat apps.\n\nWhen someone submits an app on the Accrescent developer console (whitelist only right now) for the first time, it will put a hash of their app's signing key to the repository metadata. This makes sure users are only downloading apps by the real developer. \n\n\n", "sig": "73a4271a410ecdf9227bf7945cd3ba2725779aedc0b8a1f374318043157f806caaca21ab1fc7ff6870169e7e610a88d78b9b96f57eec05671e4611e46dffd698" }