Submit Android apps to our AppVerifier database

jonah: > There is also a Level 4, FWIW. Looking at SLSA • Requirements You’re looking at a “draft” specification. Later, this was split into 2 tracks: Build and Source. That said, I remember the discussions at the time that L4 (for the Build track) would mandate hermetic and/or reproducible builds. That said, @RoyalOughtness seems to have a better grasp of supply chain security than most here. Trust assumptions in none-reproducible FOSS applications General > Yep. Secureblue seems to be super serious about software supply chain security (sifting through their GitHub to see what I can setup for my projects), so cc: @RoyalOughtness