Yo guys, maybe I'm regarded, but I'd like to try nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgzqtdq0 and it seems daunting. I'm supposed to get AppVerifier first to verify Zapstore. But to get AppVerifier, I'm supposed to get Accrescent first to make sure I'm getting the real AppVerifier. To get Accrescent, I'm supposed to use "apksigner" first to make sure it's the real Accrescent. It looks like I somehow have to get to a terminal on my phone to run the apksigner command and I have no idea how to do that. Do I first need Android SDK on my laptop? Download Accrescent there and check it? Then move it to my phone?

#asknostr

Discussion

Huh? My dude. Just install the nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgzqtdq0 APK. Sure, don't trust, verify, but no one is doing all of that 🤣

Yeah, you can get it here from Nostr apps.

https://nostrapps.com/zap-store

Isn't it better to go to zapstore.dev rather than trusting yet another domain?

Yes, that's a good idea too, wasn't sure of the exact domain, but knew Nostr apps could be trusted.

OK maybe I'm being a little autistic about it. 😂

It's good to be cautious.

There is no end to this process whether you do it on mobile or laptop or anything else. You see, no matter how many verification steps you include at the end of the chain you still have _some_ app or package to trust. There is no root of trust in that sense.

The app verifier step is enough because to really validate Zapstore you need to test how it works when installed, and/or rely on others reporting bugs/exploits here. Remember, anyone could have posted a binary that is signed properly with _some_ key but still be malicious.

If you have the source code, can check crucial parts and build it yourself, that is the most you can do but most will rely on some executable already built and the whole open source community to report bad stuff.

It can be as daunting as you want it to be!

Best tradeoff between convenience and security IMO:

Download Zapstore from the link in our nostr profile, to your computer. Go to the terminal and type shasum -a 256 zapstore.apk

The result should match the hash in our nostr profile as well.

From there send the APK to your phone, or repeat the download from your phone itself shortly after - highly likely the file will be the same.