Leo Wandersleb's avatar
Leo Wandersleb leo@nostr.info 1 year ago
On Google phones, the OS won't let you down-grade apps or upgrade them to a version that's signed by a different key. I want this for PWAs. Of course, as admin I want to be able to override it but it would be great to have such a lock-in that no random hacker on a webserver could circumvent.
↑ Parent

Replies (1)

franzap's avatar
franzap fran@zapstore.dev 1 year ago
This product is using NIP-94 (and another NIP coming up soon) for the distribution and verification of artifacts Android enforces TOFU and pinning at the OS level (APK are signed), PWAs have none of this. Installing them via zap.store can emulate these features (same signature for updates, prevent downgrading)
2 replies ↓