I have just seen, that the apk fror Magic Earth (default mapps app) is coming from aapks. As far as I know, nobody can ensure that the apk 's from aapks are ‘untouched’.
So my question is: Can we really trust aapks.com ?
(I know, there are similar posts regarding source eOS apps store akp’s), but this is different, because it a build in default app)
As far as I know, nobody can ensure that the apk 's from aapks are ‘untouched’
you actually can, the infrastructure is there to verify a package before or after install. I’ll give a (lengthy) walkthrough as I was curious myself. If you’re familiar with PGP or the Web PKI you’ll identify the problem is that there is no directory of publishers public keys.