Most people will trust the domain name zapstore.dev, so there's that.
Or use the "who signed this file" tool, it's right there in the downloads page.
Apologies if Zapstore is not yet the default store on Android.
Login to reply
Replies (2)
"Who signed this file" links to some API endpoint gobbledygook. What's worse: clicking on it leads to a page that says "certificate expired."
"Just trust us" can't be the solution when 100% of smartphone cybersecurity advice for normies is "For the love of God, DON'T INSTALL APPS from unknown sources."
What is your suggestion then?