Zapstore and the decentralized app store nobody asked for

Two companies control which apps exist on your phone. Zapstore uses Nostr identities and Web of Trust to distribute software without them. The security model is real, the audience is small, and the question is whether that matters.
The app that nearly got deleted

In June 2023, Apple told Damus it had 14 days to remove zaps from posts or be pulled from the App Store. Damus was a #nostr client that let users send zaps – #bitcoin micropayments over the #lightning Network – directly to each other. Apple’s objection was that these payments bypassed its in-app purchase system. The 30% cut. Tipping someone a few hundred sats for a good post was, in Apple’s reading of its own rules, a violation.

Damus stayed listed, but only after stripping the zap button from posts; zapping a profile survived. The feature that made it interesting was the feature that nearly got it pulled.

This is the deal you accept when you distribute software through the App Store or Google Play. Two companies decide which apps exist on most of the world’s phones. They set the fees, the rules, and the enforcement. If your app does something that conflicts with their business model, even something legal, even something users want, it can vanish overnight.

Google is tightening the other end. In August 2025, the company announced that starting September 2026, all apps installed on certified Android devices will require a verified developer identity. Even sideloaded APKs. The stated reason is security. The practical effect is that anonymous app distribution on Android, which has been possible since the platform launched, is ending.

The 30% toll

Google Play charges 15% on the first million dollars of annual revenue and 30% above that. Apple’s Small Business Program gives developers under a million the same 15%, with 30% otherwise. Apple takes 15% on subscriptions after the first year; Google moved all subscriptions to 15% from day one in 2022. If you’re a small developer, the reduced rate is a concession. If you’re Spotify or Epic Games, the full rate is a tax collected by a landlord you cannot leave.

Epic Games sued Google over this and won. The Ninth Circuit upheld the antitrust verdict in July 2025. Google is now required to distribute third-party app stores through the Play Store. In the EU, the Digital Markets Act forced Apple to allow alternative app stores on iOS, though Apple implemented this with enough warning dialogs, biometric confirmations, and a EUR 0.50 Core Technology Fee on every first annual install past one million that the “openness” feels more like malicious compliance.

Google Play also started requiring government licenses for custodial crypto wallet apps in October 2025, covering the US, UK, EU, Japan, and fifteen other jurisdictions. After backlash from the Bitcoin community, Google clarified that non-custodial wallets were exempt. For now. The fact that one company’s policy change nearly pulled every Bitcoin wallet off the dominant app store should bother you regardless of how it resolved.

These are not hypothetical risks. They are the operating environment for anyone building software that touches money, identity, or speech. And they are the reason Zapstore exists.

What Zapstore actually does

Zapstore is a permissionless app store built on the #nostr protocol. Fran, who goes by franzap on Nostr, built it. The current version is 1.0.6 as of April 2026. It lists around 3,000 apps. OpenSats funded it in the 10th wave of Nostr grants in March 2025.

Here is how it works.

A developer publishes app metadata as a Nostr event (kind 32267, the software application kind in the draft NIP Zapstore published): name, description, icon, platform. Each release is a separate event (kind 30063) carrying the version number and changelog, which points at NIP-94 file-metadata events (kind 1063) that hold the link to the APK and, in the `x` tag, the SHA-256 hash of the binary. Every one of those events is signed with the developer’s Nostr keypair. The app store is not a server. It is a client that reads these events from relays and presents them.

When you install an app through Zapstore, the client downloads the APK, computes its SHA-256, and compares it to the hash in the signed file-metadata event. If they don’t match, installation is refused. The developer’s Nostr identity is the signing authority. No certificate authority in the middle. No review board. The person who holds the key is the person vouching for the binary, and you can verify that chain cryptographically. Two caveats belong here. First, the Nostr signature proves which key published the release, not that the key belongs to the developer you think it does; binding a pubkey to a person is the job of the Web of Trust layer discussed below. Second, Android still enforces its own APK signature on top of this: the package manager rejects an update whose signing certificate differs from the installed version’s, so a hijacked Nostr key cannot push a foreign build over an existing install unless the APK signing key was compromised too. Fresh installs get no such protection.
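Here is what that verification looks like end to end, as an added example that is not Zapstore’s code. The developer side signs a NIP-94 file-metadata event whose `x` tag carries the APK’s SHA-256; the client side recomputes the NIP-01 event id, checks the BIP-340 Schnorr signature, compares the hash, and only proceeds if the publishing key is in a set of trusted keys that the caller supplies (the trust decision is deliberately left outside the cryptographic check). The Schnorr arithmetic is written out in plain Python so the example runs offline; a real client should use a vetted secp256k1 library. The developer key, the URL, and the fake APK bytes are constructed, and the tag layout follows NIP-94 rather than Zapstore’s exact schema.

```python
# Added example (not Zapstore's code): sign and verify a release the Nostr way.
# BIP-340 Schnorr over secp256k1 in plain Python for an offline demo; use a
# vetted library (e.g. python-secp256k1) in anything real.
import hashlib
import json

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _tagged_hash(tag, msg):
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def _add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and y1 != y2:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, P - 2, P) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, P - 2, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def _mul(p, n):  # double-and-add; not constant-time, fine for verification
    r = None
    while n:
        if n & 1:
            r = _add(r, p)
        p, n = _add(p, p), n >> 1
    return r

def _lift_x(x):  # BIP-340: the even-y point for an x-only pubkey, or None
    if x >= P:
        return None
    y_sq = (pow(x, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)
    return (x, y if y % 2 == 0 else P - y) if pow(y, 2, P) == y_sq else None

def pubkey_from_seckey(seckey):
    return _mul(G, seckey)[0].to_bytes(32, "big")

def schnorr_sign(msg32, seckey):
    pt = _mul(G, seckey)
    d = seckey if pt[1] % 2 == 0 else N - seckey  # force an even-y public key
    px = pt[0].to_bytes(32, "big")
    t = (d ^ int.from_bytes(_tagged_hash("BIP0340/aux", bytes(32)), "big")).to_bytes(32, "big")
    k0 = int.from_bytes(_tagged_hash("BIP0340/nonce", t + px + msg32), "big") % N
    r_pt = _mul(G, k0)
    k = k0 if r_pt[1] % 2 == 0 else N - k0
    rx = r_pt[0].to_bytes(32, "big")
    e = int.from_bytes(_tagged_hash("BIP0340/challenge", rx + px + msg32), "big") % N
    return rx + ((k + e * d) % N).to_bytes(32, "big")

def schnorr_verify(msg32, pubkey32, sig64):
    pt = _lift_x(int.from_bytes(pubkey32, "big"))
    r, s = int.from_bytes(sig64[:32], "big"), int.from_bytes(sig64[32:], "big")
    if pt is None or r >= P or s >= N:
        return False
    e = int.from_bytes(_tagged_hash("BIP0340/challenge", sig64[:32] + pubkey32 + msg32), "big") % N
    r_pt = _add(_mul(G, s), _mul(pt, N - e))  # s*G - e*P must equal R
    return r_pt is not None and r_pt[1] % 2 == 0 and r_pt[0] == r

def event_id(ev):  # NIP-01: sha256 of canonical [0, pubkey, created_at, kind, tags, content]
    ser = json.dumps([0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]],
                     separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(ser.encode()).hexdigest()

def sign_release(seckey, url, artifact, created_at=1700000000):
    """Developer side: a NIP-94 file-metadata event whose `x` tag is the artifact's SHA-256."""
    ev = {"pubkey": pubkey_from_seckey(seckey).hex(), "created_at": created_at, "kind": 1063,
          "tags": [["url", url], ["m", "application/vnd.android.package-archive"],
                   ["x", hashlib.sha256(artifact).hexdigest()], ["size", str(len(artifact))]],
          "content": "release"}
    ev["id"] = event_id(ev)
    ev["sig"] = schnorr_sign(bytes.fromhex(ev["id"]), seckey).hex()
    return ev

def verify_release(ev, artifact, trusted_pubkeys):
    """Client side. The signature proves which key spoke; whether that key is the
    developer you meant is the caller's trust decision, passed in as trusted_pubkeys."""
    if ev.get("pubkey") not in trusted_pubkeys:
        return False, "publisher key not in trusted set"
    if ev.get("id") != event_id(ev):
        return False, "event id does not match content"
    if not schnorr_verify(bytes.fromhex(ev["id"]), bytes.fromhex(ev["pubkey"]), bytes.fromhex(ev["sig"])):
        return False, "bad signature"
    x = next((t[1] for t in ev["tags"] if t and t[0] == "x"), None)
    if hashlib.sha256(artifact).hexdigest() != x:
        return False, "artifact hash mismatch"
    return True, "ok"

# Constructed sample data: a throwaway developer key and fake APK bytes (not a real archive).
DEV_SECKEY = 0x3A5D8E14C8B79F2E6D9C1A0B7E4F5D6C8A9B0C1D2E3F4A5B6C7D8E9F0A1B2C3D
DEV_PUBKEY = pubkey_from_seckey(DEV_SECKEY).hex()
FAKE_APK = b"PK\x03\x04constructed-fake-apk-bytes"

if __name__ == "__main__":
    ev = sign_release(DEV_SECKEY, "https://example.invalid/app.apk", FAKE_APK)
    print(verify_release(ev, FAKE_APK, {DEV_PUBKEY}))         # (True, 'ok')
    print(verify_release(ev, FAKE_APK + b"!", {DEV_PUBKEY}))  # (False, 'artifact hash mismatch')
    print(verify_release(ev, FAKE_APK, set()))                # (False, 'publisher key not in trusted set')
```

The order of checks is the point: a relay can hand you a modified event, so the id and signature are checked before the hash is believed, and a valid signature from an unknown key is still refused, because the signature says nothing about who owns the key.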

Payments work through zaps. If a developer has a Lightning address in their Nostr profile, you can send sats directly from Zapstore. No intermediary takes a percentage. The developer gets the full amount minus Lightning routing fees, which are usually fractions of a cent. Compare that to the 15-30% that Google and Apple collect.

This is Android-first. On iOS, Apple’s walls remain even in the EU. Desktop builds exist for Linux and macOS, but the real audience is Android users who already know what sideloading means. I’ve used Zapstore to install a few Nostr clients. The process is fast if you already have a Nostr identity and an Android phone. If you have neither, you are going to hit several walls before you reach the first app.

The trust you’re replacing

Here is where I have to be honest about what Zapstore asks of you, because the security model is genuinely different from what most people are used to.

Google Play’s model is centralized review. Google scans every app with automated tools. They reject known malware. They enforce API level requirements, permission disclosures, privacy policies. The system is imperfect, malware still gets through, but it catches a lot. Google claims that sideloaded apps are 50 times more likely to contain malware than apps from the Play Store. That number comes from Google, so weight it accordingly, but the directional claim is probably right. Centralized review catches things that nothing else does.

F-Droid takes a different path. It rebuilds apps from source and signs the result with F-Droid’s own key, so you trust F-Droid’s build process rather than the developer directly. The tradeoff follows from how Android works: the package manager refuses an update whose signing certificate differs from the installed app’s, so an F-Droid build and a Play build of the same app cannot update each other. You pick a source and stick with it. (F-Droid’s reproducible-builds track ships the developer’s own signature when the rebuild matches bit for bit, but most of the catalog is not on it.) F-Droid also has slow update cycles because every new version has to be independently built.

Zapstore replaces both of these with something closer to raw trust. You trust the developer directly. The Nostr identity on the release event is their identity. The Web of Trust layer, who you follow, who they follow, who has endorsed this app, provides social signal. But social signal is not a security audit. Nobody reviewed the source code. Nobody scanned the binary for you. The hash check tells you the file you downloaded is the one the key holder signed, so a relay or a CDN cannot swap it in transit. It does not tell you what the developer put inside it, or that the key holder is the developer rather than someone who set up a lookalike profile.

If you’ve read my article on the Web of Trust problem nobody has solved yet, you know how fragmented WoT is on Nostr right now. Every client computes trust differently. There is no standard. A developer who looks trustworthy in your follow graph might be invisible in someone else’s. Zapstore inherits all of those problems.

I am not saying the centralized model is better. I’m saying the decentralized model is younger and has fewer guardrails. Zapstore’s security today depends on the size and quality of your personal social graph. For most new users, that graph is thin.
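To make that dependence on the social graph concrete, here is an added example, not Zapstore’s scoring logic (the point above is that no standard exists), that walks NIP-02 contact lists (kind 3 events whose `p` tags list the pubkeys an author follows) to find how many follow-hops separate you from a publisher key and turns that into an install decision. The pubkeys and contact lists are constructed, and the hop thresholds are an assumption for illustration. Run it from two vantage points and the same publisher gets different answers, which is the fragmentation problem in miniature.

```python
# Added example, not Zapstore's code: a hop-distance trust gate over NIP-02 contact lists.
from collections import deque

# Constructed pubkeys (real ones are 32-byte hex; these are stand-ins).
ALICE, BOB, CAROL, DAVE, MALLORY, NEWBIE = ("a" * 64, "b" * 64, "c" * 64, "d" * 64, "e" * 64, "f" * 64)

# Constructed kind-3 contact lists: Alice follows Bob, Bob follows Carol, Carol follows Dave.
# Mallory follows everyone but nobody follows her; Newbie follows no one.
CONTACT_EVENTS = [
    {"kind": 3, "pubkey": ALICE, "tags": [["p", BOB]]},
    {"kind": 3, "pubkey": BOB, "tags": [["p", CAROL], ["p", ALICE]]},
    {"kind": 3, "pubkey": CAROL, "tags": [["p", DAVE]]},
    {"kind": 3, "pubkey": MALLORY, "tags": [["p", ALICE], ["p", BOB], ["p", CAROL], ["p", DAVE]]},
    {"kind": 3, "pubkey": NEWBIE, "tags": []},
    {"kind": 1, "pubkey": DAVE, "tags": [["p", MALLORY]]},  # a note mentioning Mallory, not a follow: ignored
]


def follow_graph(events):
    """pubkey -> set of pubkeys it follows, taken from the `p` tags of kind-3 events only."""
    graph = {}
    for ev in events:
        if ev.get("kind") != 3:
            continue
        graph[ev["pubkey"]] = {t[1] for t in ev.get("tags", []) if len(t) > 1 and t[0] == "p"}
    return graph


def hop_distance(graph, me, target, max_hops=3):
    """Breadth-first search along outgoing follow edges. Returns the number of hops
    from `me` to `target`, or None if `target` is not reachable within max_hops.
    Edges are directional: who follows Mallory matters, who Mallory follows does not."""
    if me == target:
        return 0
    seen, queue = {me}, deque([(me, 0)])
    while queue:
        node, dist = queue.popleft()
        if dist >= max_hops:
            continue
        for nxt in graph.get(node, ()):
            if nxt == target:
                return dist + 1
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None


def install_policy(graph, me, publisher):
    """Assumed thresholds for illustration: a direct follow installs, friend-of-friend warns,
    anything further (or unreachable) is refused until the user widens their graph."""
    d = hop_distance(graph, me, publisher)
    if d is not None and d <= 1:
        return "install"
    if d == 2:
        return "warn"
    return "refuse"


if __name__ == "__main__":
    g = follow_graph(CONTACT_EVENTS)
    names = {BOB: "bob", CAROL: "carol", DAVE: "dave", MALLORY: "mallory"}
    for viewer, label in ((ALICE, "alice"), (NEWBIE, "newbie")):
        print(label, {names[p]: install_policy(g, viewer, p) for p in names})
```

Mallory following everyone buys her nothing, because trust flows along incoming edges: she needs someone Alice already trusts to follow her. Newbie refuses everything, which is the thin-graph problem described above: the policy is only as good as the follows the user has already made.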

We have tried this before

OpenBazaar launched in 2014 as a decentralized marketplace. No fees, no accounts, no content moderation. It shut down in 2021 after seven years of struggling to find mainstream users. The people who needed censorship resistance were not enough to sustain the platform, and the people who didn’t need it had no reason to leave what they were already using.

F-Droid has survived since 2010 by serving a specific audience: people who want open-source software and will accept a smaller catalog, slower updates, and a more technical install process. It works for that audience. It has never come close to threatening Google Play.

Zapstore has more in common with F-Droid than with OpenBazaar, but it has something neither of them had: a protocol-native payment layer and a social graph built in. F-Droid has no way to pay developers. OpenBazaar had payments but no social layer for trust. Zapstore has both, because it sits on Nostr, which already wired those together. If you’ve read my article on Shopstr, you know that Nostr is already running peer-to-peer commerce with Lightning and Cashu. Zapstore extends that same infrastructure to software distribution.

Whether that matters depends on what you think a decentralized app store is for. If the goal is to replace Google Play, Zapstore will not do that. Seventeen thousand daily active Nostr users is not a market. The catalog is mostly Nostr clients, Bitcoin wallets, and privacy tools. You will not find Instagram or Uber there.

But replacing Google Play may be the wrong frame. The Epic ruling is forcing Google to host competing stores. The EU is cracking open iOS. Google’s developer verification requirement will add friction to sideloading that did not exist before. The walls are moving, and some of them are moving in directions that make a cryptographically verifiable distribution channel more relevant than it was a year ago.

If Google starts blocking unverified APKs on certified devices, Zapstore has a problem. Its users will need developer mode or ADB to install anything. That is a real barrier. But it is also a barrier that Zapstore’s actual audience, people who already run Nostr clients and hold their own keys, will step over without thinking about it.

What this is and what it isn’t

Zapstore is not going to be on your parent’s phone. It is a distribution channel for software that can’t or won’t play by the rules of two companies that own mobile computing.

That niche might stay small. Most people will never need an app that Google or Apple won’t carry. Most developers will never get their app pulled for a policy violation. The 30% tax is a cost of doing business, and the audience it buys is worth more than the fee to most people building software.

But for the developers shipping Nostr clients, Bitcoin wallets, and tools that let people control their own keys, money, and identity, Zapstore is the first app store that treats them as the point instead of an edge case. The developer signs the binary. The user verifies the hash. The payment goes direct. No middleman takes a cut or decides whether the app deserves to exist.

Whether the rest of the world ever needs that is an open question. The people who need it now are not waiting for an answer.

#nostr #bitcoin #decentralization #security

