I tested several third party app stores. But found direct download of the APK from https://stashpay.me had the best UX. The APK is signed with the developer key. So it‘s a TOFU (trust on first use) model if you trust the TLS cert on the first install. Subsequent updates of the APK would verify the developer signing key.
What‘s the advantage of using third party app stores? They don’t do auto-updates as far as I understand?
tank / Tankred Hase
npub1xy…xn6n2
2024-11-11 08:30:56
in reply to nevent1q…ezxc
Author Public Key
npub1xyd5ja34s4nk0l6urnh69wx9ep6uuxz2ujrkm2f8n6pfhgqa6y5s2xn6n2Seen on
wss://relay.damus.ioPublished at
2024-11-11 08:30:56Event JSON
{
"id": "1eb57c98a7fe96c306388257f82e6f2a00e4c8ebc79cdd9d386a07d6b5e5961c",
"pubkey": "311b497635856767ff5c1cefa2b8c5c875ce184ae4876da9279e829ba01dd129",
"created_at": 1731313856,
"kind": 1,
"tags": [
[
"e",
"32c9008bb181f5c24dfb9d66f77988bdb18777463325c7225c03a1bbfb4c7db6",
"",
"root"
],
[
"e",
"d9b024022c2b6928850e128293d1624f28eabdc09ff5cffc2c2fb4792f0b6311",
"",
"reply"
],
[
"p",
"78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d"
],
[
"p",
"6bf33edbbfe348c1f04d9b708fd51fb6004485812adab49f1d70ad0b66d7c715"
],
[
"r",
"https://stashpay.me"
]
],
"content": "I tested several third party app stores. But found direct download of the APK from https://stashpay.me had the best UX. The APK is signed with the developer key. So it‘s a TOFU (trust on first use) model if you trust the TLS cert on the first install. Subsequent updates of the APK would verify the developer signing key.\n\nWhat‘s the advantage of using third party app stores? They don’t do auto-updates as far as I understand?",
"sig": "ee43aa96d176c795e492c5e31f0345d0b29ef03cfd3676107ebc0ec02e1dbe3fee7b0aba0a3e5e0801cbcbc1128597c9b439976323532d7447f8693668bdc5c3"
}