Exactly, there is a good balance that has to be hit IMO as vulnerabilities and open doors to malicious app installation could be more harmful than anything else in many scenarios, especially if you have any reason at all to be targeted.


Discussion

So it basically comes down to the initial downloading of an app right? If that’s signed correctly with the developer’s keys, then it can’t be replaced with a malicious version later no matter the “app store” you use right? (Excluding f-droid b/c of wonky signing policies)

So for most users Google Play is the right answer, but there are tradeoffs to consider.

Obtainium seems to be a powerful option here if you’re comfortable finding the source location yourself (only risk remaining is that the dev keys themselves are compromised which also would risk the other app stores?). This seems most like a desktop, download software from source, but with a nice consolidated updater.

Idk for me it feels like getting most software through Obtainium would be ideal and falling back to Google Play for apps that aren’t listed anywhere else. I’d only do this with a fully anonymous Google account tho (is this even possible anymore?)

Would be cool to have nostr used for software, publishing hashes of each release.

So for #[5] somehow you’d post hashes of each Envoy release to nostr (one note+replies?) and Obtainium could have a “nostr hash verified” section when you add an app so it will additionally check a specific nostr note/thread for the most recently posted hash signed by #[6] npub, must match hash of APK update before installing.

So both dev keys and nostr keys would have to be compromised to trick Obtainium then. Any obvious pitfalls here? #[4]
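The install gate sketched above, as an added example that is not Obtainium's or Envoy's own code: it derives each note's NIP-01 id, keeps only notes whose id still matches their content and whose pubkey is the pinned developer key, takes the newest one's hash and compares it with the APK's sha256. The pinned pubkey, the `["x", <sha256>]` tag layout and the sample notes are constructed assumptions; BIP-340 signature verification over the id is assumed to be done beforehand by a secp256k1 library, since the standard library has none.

```python
import hashlib
import json

# Developer's Nostr pubkey (npub decoded to 32-byte hex), pinned in the
# installer config. Constructed placeholder value for this example.
TRUSTED_PUBKEY = "a1" * 32

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def event_id(ev: dict) -> str:
    """NIP-01 event id: sha256 over the canonical JSON array serialization."""
    ser = json.dumps([0, ev["pubkey"], ev["created_at"], ev["kind"],
                      ev["tags"], ev["content"]],
                     separators=(",", ":"), ensure_ascii=False)
    return sha256_hex(ser.encode())

def make_note(pubkey: str, created_at: int, apk_sha256: str) -> dict:
    """Build a release note carrying the hash in an ["x", <sha256>] tag
    (tag layout borrowed from NIP-94; an assumption of this example)."""
    ev = {"pubkey": pubkey, "created_at": created_at, "kind": 1,
          "tags": [["x", apk_sha256]], "content": "Envoy release"}
    ev["id"] = event_id(ev)
    return ev  # a real note also carries "sig", a BIP-340 signature over id

def published_hash(events, trusted_pubkey=TRUSTED_PUBKEY):
    """APK sha256 from the newest note whose id matches its content and whose
    pubkey is the pinned one (assumes ev["sig"] was verified by the caller)."""
    best = None
    for ev in events:
        if ev.get("pubkey") != trusted_pubkey or event_id(ev) != ev.get("id"):
            continue  # wrong author, or note altered after its id was computed
        for tag in ev["tags"]:
            if len(tag) >= 2 and tag[0] == "x" and len(tag[1]) == 64:
                if best is None or ev["created_at"] > best[0]:
                    best = (ev["created_at"], tag[1].lower())
    return None if best is None else best[1]

def apk_matches(apk_bytes: bytes, events) -> bool:
    """Install gate: refuse unless a trusted hash exists and equals the APK's."""
    expected = published_hash(events)
    return expected is not None and sha256_hex(apk_bytes) == expected

# Constructed sample data: fake APK, stale note, current note, note from a
# different key, and a note whose tag was edited after its id was computed.
APK_BYTES = b"PK\x03\x04 constructed fake APK payload"
CURRENT = make_note(TRUSTED_PUBKEY, 200, sha256_hex(APK_BYTES))
STALE = make_note(TRUSTED_PUBKEY, 100, "00" * 32)
IMPOSTOR = make_note("b2" * 32, 300, "00" * 32)
EDITED = make_note(TRUSTED_PUBKEY, 400, sha256_hex(APK_BYTES))
EDITED["tags"] = [["x", "11" * 32]]
```

With all four sample notes present, only CURRENT survives the checks, so the fake APK is accepted; drop it and the gate refuses, which is the "both keys must be compromised" property the post describes.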

Other than complication. But ppl who want simplicity get iPhones so