FYI I went ahead and did this... used a separate computer to verify the hash... But let's not kid ourselves that this is going to ever be an option for anyone who's never used a command line
Login to reply
Replies (3)
Most people will trust the domain name zapstore.dev, so there's that.
Or use the "who signed this file" tool, it's right there in the downloads page.
Apologies if Zapstore is not yet the default store on Android.
This ๐ฏ
I'm lost
"Who signed this file" links to some API endpoint gobbledygook. What's worse: clicking on it leads to a page that says "certificate expired."
"Just trust us" can't be the solution when 100% of smartphone cybersecurity advice for normies is "For the love of God, DON'T INSTALL APPS from unknown sources."