I think a useful best-practice for Nostr apps would be including signing permissions check in the onboarding, instead of randomly when they need them.
This is already quite common on Android for other kind of permissions.
Just briefly explain why you need that specific signature and fire the permission request to the local signer or remote bunker.
It's a one time proces that will make the following app's usage smooth a frictionless.
This will also naturally bring to highlight mandatory and optional permissions, making apps more solid and resilient to possible rejections in the signing flow.
