Great ideas here, have enjoyed reading this thread and excited to see the solutions and UI as it evolves.
If Apps run in our “client side” browser as you put it, then we as a distributed community do have the power to “enforce” open source via incentives. We could incentivize all sorts of sandbox conditions on the code running in our Safe Browser “operating system”, and when done en mass collectively be force to be reckoned with. Apart from only allowing open source Apps to run in our Safe browsers, the community could also require that any App’s source code meets minimum license, presentation and formatting standards - no obfuscated closed license code etc. If any App wants to even be visible to our Browsers view of the distributed App store, then they also cannot contain any upstream packages/crates/code that can do an end run around security and authentication mechanisms in the Safe browser. No TCP/IP code that can open direct or indirect communications channels for example, restricted sandboxed instruction set only. Any and all communication can only be handed off and handled via Safe API’s reducing a malicious Apps ability to game the system.
Of course this is an open distributed permission-less system you can’t force anybody to do anything nor prevent users turning to opaque closed source App’s if they want to, and that is Ok there will always be exceptions. However if the default sandbox settings people get out of the box enforce things like I mentioned above, and all other App’s violating any of those conditions do not even appear to us in our view of the distributed App store then we have created a big incentive biased towards developing compliant Safe Apps, and all without any central authority. This is maintained while the majority of individuals continue to agree that the default conditions are a good idea and serve to protect our individual interests. The increasingly popular supply chain attacks could be mitigated using this method as well thanks for Safe’s immutable storage of the App code combined with checks on any and all App updates. The low hanging fruit would be automated checks (code formatting, no socket code etc) but automated code screening can only get you so far with security. Later on there is no reason why there could not be a more advanced conditions available such as: “Only show apps than have passed security reviews by 3 of 5 of these selected security experts/companies” (that I trust/Tip/donate/subscribe to), Tick.
Safe Browser coupled with WebAssembly I think it could be Safe Networks “killer app” - stress free security for the end user. Run any App you see without having to be a security expert, trusting the developer 100% or stressing the last App update is now allowing collecting and selling of your info.
Outside the Safe Browser Operating System all bet’s are off I do not see how this system would be feasible.