We currently provide a completely static app with the authentication type set to None. According to implementation details for Connect Apps an application must always validate install/uninstall lifecycle requests. These are not part of our descriptor since our app only provides static content. Is there somebody else having to think about this? And if so, what did you do about this requirement? Is there an official Atlassian statement that says if static apps must handle this or not?