Inspect the source code and build the APK yourself. There is a file integrity hash check and an APK certificate hash check but Android enforces this validation anyway.
For first installs you're choosing to trust AppVerifier and not zap.store, that's okay. I can't change who you trust.
However, developers will start signing apps via nostr events so on zap.store you'll be able to check that with your web of trust (via a service or manually)
zap.store
npub10r…jt2p8
2024-07-26 22:34:16
in reply to nevent1q…z00j
Author Public Key
npub10r8xl2njyepcw2zwv3a6dyufj4e4ajx86hz6v4ehu4gnpupxxp7stjt2p8Published at
2024-07-26 22:34:16Event JSON
{
"id": "cc39dfef7f243fc563d24ad0c67d7c88aacc9b86e53aed7da4e3751e5a925f6f",
"pubkey": "78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d",
"created_at": 1722026056,
"kind": 1,
"tags": [
[
"e",
"a1804315db7b2de79a972b1a676cb53d259e77dbef16c45399088a5ce23c7a4b",
"",
"root"
],
[
"e",
"536d4424b6baa95935cb240b4a2f2f75b925fd185203257b538ad2818a6cf7df"
],
[
"e",
"e3ee457c3ae805352538e013c56fa6e5bc9dfdc14c5e3681187ff954ebbf6d7b",
"",
"reply"
],
[
"p",
"78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d"
],
[
"p",
"ab29a6df689467e282551edea0805645c66fbf3b1a27a5879997fe208a61b8b6"
],
[
"r",
"zap.store"
],
[
"r",
"zap.store"
]
],
"content": "Inspect the source code and build the APK yourself. There is a file integrity hash check and an APK certificate hash check but Android enforces this validation anyway. \n\nFor first installs you're choosing to trust AppVerifier and not zap.store, that's okay. I can't change who you trust. \n\nHowever, developers will start signing apps via nostr events so on zap.store you'll be able to check that with your web of trust (via a service or manually)",
"sig": "4efb89c3539bf7fe0f8d037a867ec8ba12eaf32bc835adcca0e3edfbfd090f654cb18fa8747a7a8207f41338817ab9c00346069249c46143c0d25d690e39986c"
}