Closed graphene1over closed 2 days ago
Alternatively, publishing the signing certificate hash separately to distrust the site would be an option, which would make it possible to use AppVerifier to verify the app's legitimacy. However, this is a suboptimal solution.
Neither of them is planned due to the additional effort that would be needed. There's currently a lack of time and contributors, and I don't have any interest in making the release workflow more complicated.
Describe your suggested feature
Currently, the only way to obtain the app is through sideloading or F-Droid. This is a security risk due to being unable to verify the legitimacy of the app and F-Droid's major security flaws.
Currently, there are two secure app stores: Accrescent, which is currently in whitelist-only alpha, and Gplay, both of which employ certificate pinning and verify the downloads to mitigate MITM attacks.
Other details
No response