Post ATyrEORcg0JQuLP9Dk by r3g_5z@grapheneos.social
(DIR) Post #ATylD7vtyuMpgQa2rY by Hyolobrika@berserker.town
2023-03-25T16:05:22Z
0 likes, 0 repeats
It would be handy if you could TOFU pin an app signing key in Android without installing it.
(DIR) Post #ATylU8lQ93qVBQn4Uq by Hyolobrika@berserker.town
2023-03-25T16:08:26Z
0 likes, 0 repeats
Might be a cool feature for @GrapheneOS?
(DIR) Post #ATyrEORcg0JQuLP9Dk by r3g_5z@grapheneos.social
2023-03-25T17:12:48Z
0 likes, 0 repeats
@Hyolobrika @GrapheneOS android already does this when you install an app for the first time. it doesn't make any difference if you're doing it without installing the app. that's why you're supposed to obtain apps from a trusted source.
a better idea would be GrapheneOS shipping a database of pinned signing keys that can be updated out of band through our Apps app, such as our GmsCompatConfig text file. this is currently an open feature request at https://github.com/GrapheneOS/os-issue-tracker/issues/989
(DIR) Post #ATysyhwIcxmoe2OxoO by Hyolobrika@berserker.town
2023-03-25T17:32:24Z
0 likes, 0 repeats
@r3g_5z @GrapheneOS It would be handy if you don't want to install an app right then (say, you don't have enough space, or you're not sure about it yet) but you still want to verify it's the same app as before.
Maybe a more general ability to view signing keys would be good.
> GrapheneOS shipping a database of pinned signing keys
I agree that would be handy, since you're always trusting your OS makers no matter what, so you might as well use that.
(DIR) Post #ATyup2PRrgfV90YKJ6 by Hyolobrika@berserker.town
2023-03-25T17:53:04Z
0 likes, 0 repeats
@r3g_5z @GrapheneOS You could copy the signing key and put it in a text document if you wanted to do that.