User FAQ

Developer FAQ

What is Zapstore?

Zapstore is an open Android app store. You can browse apps, install APKs, keep them updated, and support developers with Bitcoin tips when the app supports it.

Releases are tied to publisher identity and signatures where available, so you get more context than a random download link.

How do I install Zapstore?

Download the APK. Android may ask you to allow installation from unknown sources once. That is normal for apps outside Google Play.

After install, open Zapstore and update it from the app when a new version is offered. Staying on a recent build avoids many catalog and update issues.

Do I need Google Play to use Zapstore?

No. Zapstore installs and runs without Google Play. You use it alongside or instead of Play for the apps you choose from the catalog.

Do I need a Nostr account to use Zapstore?

You can browse and install apps without signing in.

A Nostr account (for example via Amber) unlocks backup of your app list, tipping developers, seeing recommendations from people you follow, and fuller Web of Trust signals. For most regular use, signing in is worth it.

Is Zapstore safe? How do I know apps aren't malicious?

Every app on Zapstore is signed in the catalog, either by the developer with their Nostr identity or by the Zapstore indexer for apps sourced from GitHub. On first install, Zapstore shows who signed the listing and whether anyone in your Web of Trust follows that publisher.

Android also protects updates: it refuses an update signed with a different developer certificate than the app you already have, so you cannot be silently switched to a different signer on update.

Malware scanning and detailed privacy reports are on the roadmap. First installs still need your judgment, like any open store.

What is the Web of Trust (WoT) and why does it matter?

The Web of Trust is based on who follows whom on Nostr. Before you install an app for the first time, Zapstore can show whether people you follow also follow or endorse that app’s developer.

It is not a guarantee of safety, but it is useful context compared with an anonymous APK. Zapstore does not hide apps that lack WoT signal; it warns when trust is thin. WoT on app detail pages is improving over time.

What if there are two apps with the same name?

Compare publisher identity, source links, and trust signals before installing. Android blocks updates from a different signing key than your installed app.

Duplicate and impersonation handling in the catalog has improved; if you still see duplicates after an incident, try Profile → Clear local storage. If they persist, contact support.

If the Zapstore signing key were stolen, would my apps be at risk?

Risk is concentrated on first installs, not updates. Once an app is on your phone, Android will not apply an update signed with a different APK certificate.

The indexer key signs Nostr events that point at upstream URLs; APKs for indexed apps are still fetched from those original locations, which the UI should show. The team has been rotating and tightening indexer keys where needed.

Does Zapstore scan apps for malware?

Today the model is publisher identity, source transparency, signatures, and social trust, not automated malware scanning. Richer scanning and privacy reporting may come later. Treat first installs with the same caution you would anywhere else.

How is Zapstore different from Google Play?

Google Play can remove apps, enforce policy, and collect extensive user data. Developers pay to list and wait on review.

Zapstore has no single gatekeeper: publishing is permissionless, and no one can remotely uninstall apps from your device. The tradeoff is less centralized malware review; Zapstore leans on developer signing, source transparency, and community trust instead.

How is Zapstore different from F-Droid?

F-Droid often rebuilds apps from source on their infrastructure, which is its own trust model, and may lag behind upstream releases. F-Droid has built-in Tor support; Zapstore does not route the client through Tor yet (a relay is available over Tor; in-app Tor is planned).

Zapstore distributes APKs signed by developers (or points to upstream releases), with permissionless publishing and faster release cadence when developers push.

How is Zapstore different from Obtainium?

Obtainium is strong when you already have a GitHub (or similar) URL and want updates straight from that repo, including many pre-release tracks.

Zapstore adds discovery, search, stacks, publisher identity, and Web of Trust on top of indexed upstream APKs. Indexed apps are pulled from the same kinds of sources as Obtainium; Zapstore adds store UX and trust signals.

Can I completely replace Obtainium with Zapstore?

For stable final releases, many people use only Zapstore. For pre-releases, beta APKs, or niche repos not in the catalog, Obtainium is still a good companion. Keeping both is common until your apps and workflows are fully covered here.

What are Stacks?

Stacks are curated app lists, like playlists for apps. Create a stack, share a link, and others can browse or install everything in it.

Open a stack, use the menu (three dots) for Share or Copy link. Recent app versions also expose sharing from stack and app screens.

Can I back up my apps so I can restore them on a new phone?

With a Nostr identity, Zapstore can store your installed app list as a private encrypted Nostr event. Sign in with the same key on a new device (for example via Amber) to restore the list.

Automatic sync that stays up to date with installs is in development. App data and settings inside each app are not backed up by Zapstore.

Can I install older versions of an app?

Not as a main feature yet. Pinning an older release (for compatibility with self-hosted servers, for example) is a frequent request and is in development. Track updates on GitHub or ask in support.

Can I tip developers directly from Zapstore?

Yes, when the developer’s profile supports it. Connect a Lightning wallet via NWC (Alby Hub, Zeus, Minibits, and others), then send a tip from the app page.

Failed tips are usually wallet or NWC configuration issues. Try refreshing your connection string in the wallet app.

Does Zapstore support Tor?

There is a Tor-accessible Zapstore relay. The Android client does not route all traffic through Tor yet; you can use Orbot separately today. In-client Tor support will be announced when it ships.

Is iOS supported?

Not yet. iOS support is planned but is more complex because of Apple’s platform rules. Check project announcements for timeline updates.

I don't see an app I want. Can I request it?

Paste the app’s GitHub repository URL into the Zapstore search bar and press Enter. If the repo has releases with a valid APK attached, it may be indexed in the background within a few minutes.

If nothing appears, confirm releases include an APK, update Zapstore, and try again later. Developers should use the publishing CLI for a proper listing with full trust signals.

An app says "no longer available." What do I do?

This usually means you are on an old Zapstore build that cannot read the current catalog.

If Zapstore still opens: open the Updates tab and look for Zapstore there, or check the top of Discover (latest releases), open the Zapstore entry, and tap Update. On some older versions you may need to search for Zapstore and open its app page before an update appears.

If other apps still show the same error or you cannot update in-app, install the latest APK. That is the most reliable fix.

I get a certificate mismatch or "APK signing certificate does not match" error.

Update Zapstore to the latest version first. Older builds had certificate extraction bugs on some Android 10 devices (fixed around 1.0.6).

If it persists, the developer may have changed signing keys, or you may have installed from another source first. Treat the warning seriously unless you know why the key changed.

I can't update my apps. Updates aren't showing up.

Try in order: Profile → Clear local storage; update Zapstore itself from the website if needed; restart the app; scroll through your installed feed (some versions load updates as you scroll).

If it still fails, note your Zapstore version, Android version, and device when you report the issue.

Zapstore updated an app I didn't ask it to update.

Zapstore does not silently auto-update apps. You may have tapped Update All, or Zapstore may offer updates for apps that were installed outside Zapstore. Excluding apps not installed via Zapstore is being improved; check GitHub issue #315 for status.

I have display glitches: duplicate apps, stale counts, wrong data.

Go to Profile → Clear local storage. That resets Zapstore’s cache without uninstalling your apps. It fixes many duplicate entries and stale update badges.

How is Zapstore financially sustainable?

Development has been supported by grants, including OpenSats and the Human Rights Foundation. The team is exploring sustainable models that do not compromise open, permissionless publishing. Nothing is finalized yet.

Can I support Zapstore financially?

You can tip us directly from the Zapstore app page. Grant funding also supports ongoing work. Community input shapes future monetization ideas.

How do I report a problem or get more help?

Join user or developer support on Signal, post on the forum when available, or open an issue on GitHub. Include Zapstore version, Android version, device model, and what you already tried (such as clearing local storage).

Publishing an app? See the Developer FAQ.