Being able to verify signatures when you download a software update, especially when it comes to self-custodial wallets, feels very very good... and I prefer those desktop wallets that allow it over others
With Sparrow, they upload a txt with the hash according to version and then they upload the signature of that txt file with the hashes. So if you already had a valid signature previously scheduled using PGP, you just have to download the signature, the txt, and that will tell you if that txt was signed by the person you trust.
Once you have verified the signature, you have to run the hash with some application on the file you are going to install and verify that it matches what is in the txt file. If it matches then you know that you are about to install something that was not tampered with and that was published by the person you want.
Plus, of course, Sparrow allows you lots of things that give you a lot of security.
  • You control your HW from this app instead of using the native HW app, obtaining many more features
  • You set it to use only your node to connect to the blockchain by default...
This way you have security when installing, security when using your Node, privacy when using your node, more features, coin control, greater privacy in managing coins etc etc etc etc.
Yes, I know... not everyone wants to do that but... when you learn it... it's hard to get out.
I do, if it is to be used with any somewhat significant amount.
reply