It will get better:
quotingGreat question!
nevent1q…enme
We run an indexer that gets data and artifacts from various repositories. It can be slow sometimes, but it's improving - in quantity and speed.
All data is written to wss://relay.zap.store and https://cdn.zap.store (a blossom server). At the moment both are read-only for everyone except this pubkey.
The zap.store Android app fetches data from that relay which for now is hardcoded. Why? First reason is security: we do not have all the tools in place yet to let users confidently determine the trust profile of an app, so we're effectively curating. And second is UX: the NIPs for apps and releases are new and in flux, having control over the relay allows us to fine tune without causing many issues.
Once we progress with all that we will let users choose their own app relays. So you are right that it's not fully permissionless today, although you could definitely fork app and relay and run your own. But it will soon be.
nevent1q…f6zr