Maybe something like:
- have a database of common downloads and all their crypto info, which developers can update once they are validated
- have browser extensions that will check packages on download and alert if suspicious
You could pay for it with some sort of sponsorship from apps themselves, who have an interest in not getting compromised like this (it's terrible publicity).
You could pay for it with some sort of sponsorship from apps themselves, who have an interest in not getting compromised like this (it's terrible publicity).