{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreibvtwgc66vx25bb3womdcajxr4jik6ee7l7o3eafoaapzjmituncu",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mmtpgpckgn22"
  },
  "path": "/t/submit-android-apps-to-our-appverifier-database/38125#post_13",
  "publishedAt": "2026-05-27T12:32:50.000Z",
  "site": "https://discuss.privacyguides.net",
  "tags": [
    "privacyguides.org",
    "ex"
  ],
  "textContent": "jonah:\n\n> In the near future I will get this data into an easier to read format and publish a formatted table on privacyguides.org as well as GitHub, but in the meantime we can start building a database\n\nThe problem to solve here isn’t populating the database itself, but rather maintaining it immutable & fresh (ex) in face of key rotations (either due to key compromise or expiry). Keeping it “fresh” among other things will involve tracking each release and noting its (sha256 or equivalent) digest against previously verified public key. There’s likely many other considerations at play here. If I were you, I’d publicly note that this “app verifier” thing is WIP and call for collaboration with any organization or persons that understand software supply chain more deeply.",
  "title": "Submit Android apps to our AppVerifier database"
}