In my Android app which uses Blockstack Auth, I need to get the identity of a user (not the current one) for verification. I think I need to have the app-specific key of the user to prevent possible MITM attacks in my client-server app. So, how can I achieve this goal without using my app’s server? Is it possible to get a user’s app-specific key and be sure that it doesn’t belong to the-middle-man by using Blockstack API? Thanks in advance.