nostr:npub1w4uswmv6lu9yel005l3qgheysmr7tk9uvwluddznju3nuxalevvs2d0jr5 which is the best way to verify Amber apk?
Is there any signature file and pubkey I can use to verify it? do you maybe publish the hash on Nostr? (that could be it)
Discussion
When zap.store is ready i'll change the keys and start publishing the hashes
For now you can check if Amber is signed with the key 56dc631996a55c2284790448c7dc9f1dd05df596b2ce4882313633f5602e5fe4 and try to check if the apk is reproducible by building it and see if it matches the content inside the apk
The best way of doing this i found was adapting the signal docker file
https://github.com/signalapp/Signal-Android/tree/main/reproducible-builds
If you dont want to do this its better to wait for when i start signing with my new keys in zap.store
Would you like to try it now? Hopefully it works.
see https://github.com/zapstore/zapstore-cli
I already whitelisted your npub in the relay
Nice, I'll just finish something I was doing and I'll try