Replying to Avatar Matt

My main issue with Zapstore is the number of apps that are signed by Zapstore rather than the developer. It seems to me that you're relying on a single person and key to sign a lot of critical apps (Bitwarden, etc). Where Obtainium at least spreads the risk out (or it seems to anyway). Maybe it has the same problems and I'm mistaken somewhere. nostr:npub10r8xl2njyepcw2zwv3a6dyufj4e4ajx86hz6v4ehu4gnpupxxp7stjt2p8

Either way, I tried Zapstore and just used it for apps like Amber that are signed by the Dev to make myself feel better. I ultimately gave up because Zapstore kept trying to update every app with no way of excluding the ones I didn't want it touching.

16
invisibull 22h ago

nostr:nprofile1qqs0agvxc2jx0rdugdmsfmkjzcyyd698s8jlk9c9d6dmxvuyp4daauspz9mhxue69uhkummnw3ezumrpdejz7qgmwaehxw309a6xsetxdaex2um59ehx7um5wgcjucm0d5hsxx5cc2 I don't see an issue with it because they clearly display SHA256.

Let's take Bitwarden latest release for example. This is a sha for the apk from their GitHub repo (copy/paste)

sha256:fc8c8124650665270925648e0ec35bf7336f26058e3bd72eabf41d859727d220

You will see this same sha displayed in zapstore. Makes no huge difference who signs the release if keys match.

Reply to this note

Please Login to reply.

Discussion

No replies yet.