a_priori on Nostr: While I didn't build my own CPU from raw silicon, I did verify instead of trusting. I ...
While I didn't build my own CPU from raw silicon, I did verify instead of trusting. I went a few levels deep.
First, I downloaded and installed Android SDK on my laptop.
Then, I used apksigner to check the signatures on accrescent[.]apk
Then I moved the .apk to my phone and installed.
I used Accrescent to install AppVerifier.
I used AppVerifier to verify the .apk for zap.store (nprofile…tdq0)
Always remember, it is best to double check the certificate hash from a different source than where you are getting the .apk. For example, if you got the file from zapstore.dev you should crosscheck their Nostr account and make sure it is the same there. While it is always possible someone could compromise both, it is less likely.
The result:
First, I downloaded and installed Android SDK on my laptop.
Then, I used apksigner to check the signatures on accrescent[.]apk
Then I moved the .apk to my phone and installed.
I used Accrescent to install AppVerifier.
I used AppVerifier to verify the .apk for zap.store (nprofile…tdq0)
Always remember, it is best to double check the certificate hash from a different source than where you are getting the .apk. For example, if you got the file from zapstore.dev you should crosscheck their Nostr account and make sure it is the same there. While it is always possible someone could compromise both, it is less likely.
The result: