On Google phones, the OS won't let you down-grade apps or upgrade them to a version that's signed by a different key. I want this for PWAs. Of course, as admin I want to be able to override it but it would be great to have such a lock-in that no random hacker on a webserver could circumvent.
Discussion
This product is using NIP-94 (and another NIP coming up soon) for the distribution and verification of artifacts
Android enforces TOFU and pinning at the OS level (APK are signed), PWAs have none of this. Installing them via zap.store can emulate these features (same signature for updates, prevent downgrading)
TOFU 😁 I was not familiar with "trust on first use" being called that.
I'm very excited about app distribution via nostr. This might be the killer app but then again, the social graph might on its own be the killer feature many tiny baby killer apps build on. Lets make the App Store obsolete!
(followed)
I did not get involved when drafting BIP94 but now I wonder why URL is not optional when it might be used for torrents and why there is no filename. The fallback is also not well specked. Is fallback allowed to occur multiple times or may it be `[fallback, fallback1, fallback2, ...]`