Great write-up!
On Nostr, a market of DVMs specialized in app security auditing could arise, as a reputation mechanism for developers, as tools for end users, or both.
Yes. I think the 'killer feature' for curation is security analysis / protection.
I would probably rate Apple's efforts as B+ and the Google Play Store as C-. However, they both fail because of their censorship bent.
For me, I'd be willing to pay a small fee for a curated app store (free from political censorship) where, as you suggest, the app store provider gave some sort of certification regarding the privacy implications of the apps.
Ideally the curator should run the apps in a simulator and provide a report: "Is this app trying to make network connections? Is the source code available? Are the builds reproducible? Is it scanning the local network? Does the binary have signatures that match known tracking software?" etc.
Something like this could fit well within the nostr ecosystem, as users could have direct feedback and direct discussion regarding these results. Competing app curators could chime in and describe why Curator A's approach was flawed, etc. All in all, this would improve security immensely as app developers saw their apps were going to be so scrutinized. As it stands now, most app developers do the bare minimum and often receive very little direct pushback on the security flaws in their model.
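As an added illustration of the kind of report the comment above describes (this is not code from the thread or from any Nostr project), the script below does a static triage pass over an app binary: it looks for hard-coded URLs, private-range IP literals that hint at LAN probing, and strings from a tracker signature list, and it checks reproducibility by hashing a from-source rebuild against the shipped artifact. The signature list, the sample "binary" and the source URL are all constructed for this example; a real curator would maintain a vetted, versioned signature list and would pair this with dynamic analysis in a simulator.

```python
"""Static triage of an app binary, the kind of data a curator could publish with a report.

Illustrative code only. TRACKER_SIGNATURES and SAMPLE_APP are constructed for
this example and do not describe any real SDK or application.
"""
import hashlib
import re

# Assumed signature list: byte strings whose presence suggests a known
# tracking/analytics SDK was linked in. Placeholder entries for this example.
TRACKER_SIGNATURES = {
    "acme-analytics": [b"com.acme.analytics", b"AcmeAnalytics.init"],
    "adtrack-sdk": [b"io.adtrack.sdk", b"AdTrackSession"],
}

# Hard-coded scheme://host[:port] strings embedded in the binary.
_URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?::\d+)?")

# RFC 1918 and link-local literals: a static hint that the app probes the LAN.
_PRIVATE_IP_RE = re.compile(
    rb"\b(?:10(?:\.\d{1,3}){3}"
    rb"|192\.168(?:\.\d{1,3}){2}"
    rb"|169\.254(?:\.\d{1,3}){2}"
    rb"|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})\b"
)


def find_trackers(blob):
    """Names of signature sets with at least one pattern present in the blob."""
    return sorted(name for name, patterns in TRACKER_SIGNATURES.items()
                  if any(p in blob for p in patterns))


def find_remote_endpoints(blob):
    """Hard-coded URLs are a static hint that the app phones home."""
    return sorted({m.decode("ascii", "replace") for m in _URL_RE.findall(blob)})


def find_local_network_literals(blob):
    """Private-range IP literals are a static hint of local-network scanning."""
    return sorted({m.decode("ascii") for m in _PRIVATE_IP_RE.findall(blob)})


def is_reproducible(shipped_blob, rebuilt_blob):
    """A from-source rebuild must hash to exactly what the store ships."""
    return hashlib.sha256(shipped_blob).digest() == hashlib.sha256(rebuilt_blob).digest()


def audit(shipped_blob, rebuilt_blob, source_url=None):
    """Assemble the report a curator would sign and publish alongside the app."""
    return {
        "sha256": hashlib.sha256(shipped_blob).hexdigest(),
        "source_available": source_url is not None,
        "source_url": source_url,
        "reproducible": is_reproducible(shipped_blob, rebuilt_blob),
        "trackers": find_trackers(shipped_blob),
        "remote_endpoints": find_remote_endpoints(shipped_blob),
        "local_network_literals": find_local_network_literals(shipped_blob),
    }


# Constructed sample "binary": a few embedded strings padded with junk bytes.
SAMPLE_APP = (
    b"\x7fELF\x00\x00"
    + b"https://api.acme-analytics.example/collect\x00"
    + b"com.acme.analytics\x00"
    + b"192.168.0.1\x00"
    + b"\x90" * 32
)

if __name__ == "__main__":
    # Pretend the curator rebuilt the app from source and got an identical blob.
    report = audit(SAMPLE_APP, SAMPLE_APP, source_url="https://example.org/app/src")
    for key, value in report.items():
        print(f"{key}: {value}")
```

String matching like this only catches what the binary does not bother to hide; it is a cheap first filter whose results a curator would publish next to the simulator run, so other curators and users can dispute either.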
The idea is to leverage the web of trust for security and curation, so there's no "one size fits all" authoritative approach like all the current app store models - it's all weighted by who you follow/trust. Having curators is not a requirement.
That said, you are right in that curation could remain an important piece of the puzzle. Many people don't have the time or expertise to judge a developer or the result of a malware analysis DVM. So what I mentioned about NIP-51 lists could be even bigger than I thought.