Nostr Web Client

Yeah, the exact way the apps are signed for the Zapstore is above my head. It's probably just a note with the hash of the app that is signed by the Nostr key. When Zapstore downloads the app to your device, it then checks the hash of what was downloaded against the hash in the note signed by the dev's Nostr key to make sure they match before installing.

Reply to this note

Please Login to reply.

Discussion

ygrek 2mo ago

we are talking about different signatures. The way that prevents installing app with different key over play store version is android app signing that is checked by the OS itself (trust on first use, then making sure developer key doesnt change)