Your second paragraph doesn't parse well here. Are you proposing a secondary signing scheme on top of the signatures inside the APK files? I thought APK signatures and TOFU handling were part of the Android OS, so you couldn't work around that either.


Discussion

Android does not handle trust on first use, as it allows you to install APKs from any source.

This is what I meant for signatures: https://github.com/nostr-protocol/nips/pull/1335

How does a permission to install non-Play Store APKs relate to the OS's TOFU?

If you install an app from the Play Store and then try to **update** it with some self-compiled version, you can't because of TOFU.

If you installed an app from F-Droid and then try to update via the Play Store, you can't because of TOFU (unless the APK is signed by the same keys).
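As an added example (not code from either commenter), this Python sketch models the update rule behind the two scenarios above: the first install of a package records its signer certificate, and a later APK for the same package is accepted only when its signers match. The certificate bytes and package name are constructed placeholders, and the model ignores APK Signature Scheme v3 key-rotation lineage.

```python
import hashlib

# Constructed stand-ins for DER-encoded signing certificates (not real certs).
PLAY_STORE_CERT = b"constructed-cert-vendor-release-key"
FDROID_CERT = b"constructed-cert-fdroid-build-key"
SELF_BUILT_CERT = b"constructed-cert-developer-local-key"


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 digest of a signer certificate (what `apksigner verify --print-certs` reports)."""
    return hashlib.sha256(der).hexdigest()


def install_or_update(installed: dict, package: str, apk_signers: list) -> str:
    """Simplified package-manager rule: trust on first use, then require identical signers.

    `installed` maps package name -> set of signer fingerprints recorded at first install.
    Returns "installed", "updated" or "rejected".
    """
    new_fps = {cert_fingerprint(c) for c in apk_signers}
    if package not in installed:
        installed[package] = new_fps  # first install: nothing to compare against, so trust it
        return "installed"
    if installed[package] == new_fps:
        return "updated"
    # Different signing key for an already-installed package; the real OS fails with
    # INSTALL_FAILED_UPDATE_INCOMPATIBLE unless the user uninstalls first.
    return "rejected"


def scenario_play_store_then_self_built() -> list:
    """Play Store install, then an update built and signed locally by the user."""
    device = {}
    return [
        install_or_update(device, "com.example.app", [PLAY_STORE_CERT]),
        install_or_update(device, "com.example.app", [SELF_BUILT_CERT]),
    ]


def scenario_fdroid_then_play_store() -> list:
    """F-Droid install, a Play Store update with a different key, then an F-Droid update."""
    device = {}
    return [
        install_or_update(device, "com.example.app", [FDROID_CERT]),
        install_or_update(device, "com.example.app", [PLAY_STORE_CERT]),
        install_or_update(device, "com.example.app", [FDROID_CERT]),  # same key: allowed
    ]
```

The "unless signed by the same keys" case is the third step of the second scenario: an update carrying the recorded signer goes through regardless of which store delivered it.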

We're talking about the same thing man, no disagreement. You still need information on provenance when first installing, and the nostr web of trust plus verification is a way of doing that (as opposed to a centralized curator).