[nozzlegear]

> When users download Threema for Android from the Threema Shop, they only have to place a certain level of trust in us, the service provider, not in any third party. The app they download is signed by us, which allows them to verify beyond a doubt that it hasn’t been tampered with by anyone and that it behaves as intended.

> When iOS users download an app from the App Store, on the other hand, they receive a file that’s signed by Apple. iOS developers can’t sign their own apps. As a result, it cannot be ruled out that Apple alters an app after its developer submitted it. For example, Apple might make specific modifications to certain apps in some countries at the request of the respective government.

And Threema or FooCorp or whoever might make modifications at the request of their investors; or whoever they sell their app to might do it, like we see with the Chrome store. The fact is I inherently trust Apple more than I trust Threema or FooCorp, it’s why I personally bought an iPhone.

[fragmede]

But it's the about the number of people in that chain. In addition to trusting Threema or FooCorp, because of the app store, you also have to trust Apple not to mess with it. It would be better by not having to trust everyone along the chain by just having a shorter chain.

[nozzlegear]

You’re right, I can see your point of view. I guess what I don’t understand is that Apple is already in that chain by virtue of the fact that you’re using an Apple device in the first place. Even if we take for granted the fact that you’re maybe not using their App Store to install an app, you’re still using an operating system developed by them, the app is using APIs written by them, etc. You must inherently have some trust in Apple to use iOS in the first place, so my point of contention is that it looks like adding Threema or another App Store distributor is what’s adding more points of contact to the chain. Do I misunderstand it?

[syrrim]

And someone choosing to pay for threema presumably trusts threema.