Some of our guiding principles are:

• open source architecture, allowing anyone to expand the solution

• open chain architecture, allowing anyone to build their own UI client on top of the DAS

• working backwards from the UI in order to ensure we’re solving the right problems and ensuring the proper level of UX

• proper level of correctness in the system in order to avoid non-deterministic behavior

• expandable architecture that allows us to decorate existing entities and build the solution in stages

• proper level of safety and security that protects the end user from malicious actors

While there are a few DAS solutions out there, none have addressed the last point above. The collective agreement is that security is not something that is easily solvable - we think otherwise.

The core of our approach consists of:

• carefully defining the entities in the system

• ensuring immutability

• allowing for extensibility

We divide entities into core and decorated entities. Core entities make up the core of the system, hence the name. Decorated entities allow us to expand code entities with additional data.

Core entities include users, dev profiles, apps, app versions and app binaries. Decorated entities enable concepts like safety profiles, app reviews and identity verification.

The common quality is that both live on the blockchain and refer each other, which allows us to create a verifiable tree that ensures the correctness of an app. All entities can be traced back to the app and developer, which prevents spoofing and reduces the blast radius when it comes to malicious actors.

A DAS store can function with just the core entities in place, however decorators allow us to expand the data set with other valuable information. Decoration can even be performed by centralized services, as long as the data is written to the blockchain in a controlled manner.

When it comes to app binaries, our approach is to use IPFS as the storage mechanism. This allows us to prevent tampering because IPFS assigns a unique content hash to every item it hosts. In addition to deploying app binaries to IPFS, we are also considering deploying our management portal app there as well. This would allow us to keep the app decentralized, instead of hosting it in a centralized location, and help us avoid using centralized IPFS infra. With this approach in place, the core of our solution would be fully decentralized.

As usual, we are open to questions and feedback. If you see something that doesn’t make sense, you want to learn more about out approach, or even help us build all of this, reach out to us in our Discord.

In our next post, we'll cover the developer portal side of things. Stay tuned!

Traditional app stores often collect large amounts of data on their users, which can be used for targeted advertising or even sold to third-party companies. DAS stores, on the other hand, are designed to minimize data collection and provide users with greater control over their personal information. Decentralized app stores come with numerous benefits; however, building one is not without its challenges.

Blockchain networks, such as Ethereum, are a perfect foundation. Smart contracts enable secure and transparent operations, and provide a tamper-proof signature of the app's code. This makes blockchain a natural building block and also enables monetization, including micro transactions.

One key aspect of building a DAS store is storage. Storing app binaries on the blockchain is not practical due to their size, but storing a signature of the binary achieves the same effect for a much lower cost. Ideally, app binaries should be stored on a peer-to-peer network like IPFS. IPFS enables file storage in a distributed manner and is the perfect companion to the blockchain because it produces a cryptographic hash for every file it stores, making code immutable and manipulation impossible.

When it comes to app deployment, there are two mechanisms: sufficiently decentralized and fully decentralized. In a sufficiently decentralized approach, the goal is to achieve eventual decentralization through a series of operations that guarantee the identity and correctness of the deployed apps. This can be achieved by hosting app store management nodes within commercial platforms and relying on hashing mechanisms that underpin both the blockchain and IPFS. For maximum tamper resistance, a fully decentralized approach would make the most sense, but decentralized compute is still a work in progress, and at the moment there are no compute platforms that have achieved such level of decentralization. One alternative to this would be hosting management nodes in IPFS, although this approach would limit access to those nodes from Web 2.0 browsers.

Ensuring safety in a DAS store is crucial. App stores managed by intermediaries bring advanced safety mechanisms with them. When removing intermediaries, we need to ensure that we don't also remove the safety mechanisms. There are a number of controls that need to be implemented in order to prevent malicious behavior on the platform. Firstly, app developers need to be trusted. Establishing URL ownership, social media profiles, or wallet signatures can help establish trust and minimize the likelihood of spoofing. App name validation is another important mechanism to prevent spoofing. App names need to be unique and registered to the trusted party. Every app deployment needs to be verified via wallet signature, enforcing ownership and ensuring that only trusted parties can deploy their apps.

Code scanning is a mechanism that looks for malware and exploits within the app's codebase. This is usually implemented via a code scanner that reads the code line by line and flags exploits based on its exploit database. Code scanning tools run on centralized platforms, which presents a slight implementation challenge. One approach would be to adopt a sufficiently decentralized approach where code scans are run from a centralized platform, but the results are stored on the chain. Apps could be considered deployed only after a scan gets attached to them on the chain.

Code reviews, while not scalable, are the most precise activity for detecting malicious code. There is a community aspect where other developers could get rewards by performing code reviews.

Another key safety aspect is user feedback. If an app demonstrates malicious behavior, users should be able to flag that behavior and warn other users. This would ideally impact the app's safety score and be visible in the store. In conclusion, decentralized app stores provide a more open, transparent, and secure ecosystem for developers and users.

While there are certainly challenges to building a decentralized app store, the benefits are significant and could pave the way for a more decentralized and democratic app economy in the future. By leveraging blockchain technology and smart contracts, decentralized app stores enable a more equitable and fair app ecosystem that benefits both developers and users alike.