nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpq9a7wcrsrqtct5wayv5xxzm4xv4guldx46vh0djw0vvsjplp6x98q823y5u (nprofile…3y5u) No, that's not how updates work for either the OS or apps. The servers aren't trusted by either System Updater or App Store.
OS updates, APKs and APEXes are cryptographically signed and verified with downgrade protection based on a timestamp within the signed packages. There's also an additional layer of signing and downgrade protection for the OS and APEXes via verified boot which GrapheneOS also extends to system APKs.
Traditional distros use largely sketchy third party mirrors.
GrapheneOS
npub123…g0ht5
2026-03-03 17:30:32 CET
in reply to nevent1q…7xrn
Author Public Key
npub1235tem4hfn34edqh8hxfja9amty73998f0eagnuu4zm423s9e8ksdg0ht5Published at
2026-03-03 17:30:32 CETEvent JSON
{
"id": "4e8514e872f1f0903d1b3d08b908f5d44778f6ea7bd2379e65f80c08f4efbe86",
"pubkey": "5468bceeb74ce35cb4173dcc9974bddac9e894a74bf3d44f9ca8b7554605c9ed",
"created_at": 1772555432,
"kind": 1,
"tags": [
[
"p",
"2f7cec0e0302f0ba3ba4650c616ea66551cfb4d5d32ef6c9cf632120fc3a314e",
"wss://relay.ditto.pub"
],
[
"p",
"df0d14918d7de966a65242073e2ed0f4a144a281b3d79d5a371b172d500de896",
"wss://relay.ditto.pub"
],
[
"e",
"94f89c0b3ded2dfac3837cf207ecb3c721556a7d179821346cbb9dca1f163daf",
"wss://relay.ditto.pub",
"reply"
],
[
"proxy",
"https://grapheneos.social/users/GrapheneOS/statuses/116166192824269640",
"activitypub"
],
[
"client",
"Mostr",
"31990:6be38f8c63df7dbf84db7ec4a6e6fbbd8d19dca3b980efad18585c46f04b26f9:mostr",
"wss://relay.ditto.pub"
]
],
"content": "nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpq9a7wcrsrqtct5wayv5xxzm4xv4guldx46vh0djw0vvsjplp6x98q823y5u No, that's not how updates work for either the OS or apps. The servers aren't trusted by either System Updater or App Store.\n\nOS updates, APKs and APEXes are cryptographically signed and verified with downgrade protection based on a timestamp within the signed packages. There's also an additional layer of signing and downgrade protection for the OS and APEXes via verified boot which GrapheneOS also extends to system APKs.\n\nTraditional distros use largely sketchy third party mirrors.",
"sig": "9a9beed3ddf6475bc9e0ff1ca75c5faeff61aba0b4fa13454be3f63543221de593575d62aa54ec76279aa5bb5a75adf72d9c6b6450af9d42de8ceb12f6adc989"
}