We don’t verify against GitHub releases — we verify against what users actually receive from the Play Store.
At WalletScrutiny.com, we extract the APK installed on a real device (or downloaded directly from the Play Store via an API), then build the app from source following the developer's instructions. We compare the two using tools like `diffoscope` or `apktool` to check for byte-for-byte reproducibility. If they match (excluding signing differences), the app is reproducible.
Using the GitHub APK assumes trust — we’re focused on trustlessness.
dannybuntu
npub1r7…2sf7d
2025-04-10 12:45:15
in reply to nevent1q…8jqg
Author Public Key
npub1r709glp0xx2zvgac45wswufjst5xgr7cear5a8me7x9vazhjzmksp2sf7dPublished at
2025-04-10 12:45:15Event JSON
{
"id": "9d344fa46e7eb6115d9130164d2b5de0a2abb114171a6406f95c1859b91cf84f",
"pubkey": "1f9e547c2f31942623b8ad1d07713282e8640fd8cf474e9f79f18ace8af216ed",
"created_at": 1744289115,
"kind": 1,
"tags": [
[
"p",
"d70d50091504b992d1838822af245d5f6b3a16b82d917acb7924cef61ed4acee",
"wss://relay.damus.io/",
"au9913"
],
[
"e",
"dde8c0673791316738bd9fc6c62e438b330d5384d92cfdd92a5e1ee6a333e41f",
"wss://nostr.wine/",
"root"
],
[
"e",
"abbad12b516bfd4eca564b142e63435371aa4d9ac9280239cda6703eea4052a4",
"mention"
],
[
"e",
"9775556615b5e099a605903bf7f152214777d5c49b07fcefe4368784f1e46b76",
"",
"mention"
],
[
"e",
"28d068b3743521618cca7880a7898e95faea31c45fc4c664c1d22f49540d4a2b",
"wss://bevo.nostr1.com/",
"reply",
"d70d50091504b992d1838822af245d5f6b3a16b82d917acb7924cef61ed4acee"
]
],
"content": "We don’t verify against GitHub releases — we verify against what users actually receive from the Play Store.\n\nAt WalletScrutiny.com, we extract the APK installed on a real device (or downloaded directly from the Play Store via an API), then build the app from source following the developer's instructions. We compare the two using tools like `diffoscope` or `apktool` to check for byte-for-byte reproducibility. If they match (excluding signing differences), the app is reproducible.\n\nUsing the GitHub APK assumes trust — we’re focused on trustlessness.",
"sig": "b9dd8b676cd8c6d0fa41ed7b22e8b964b4b05143141f1a25286a817135c36516f22534b2bed23d620a4181dd6cdc8c2a3d21b07fbe6385c6f0fa8f0e7166b387"
}