[pmoriarty]

"The whole point of this feature is to allow Google to modify the APK by stripping out unneeded resources to reduce file size."

Why couldn't Google just ask the developer to sign the modified app after Google makes its changes (which the developer should only do if they approve the changes)?

[UncleMeat]

PITA, most likely. More round trips. More complexity. More work for the user. It also means that the bundling process cannot be improved and you can't extend it to support new configurations without the involvement of the user. There are a bazillion locales and device configurations out there, with more created every day.

[simfree]

Why not let the developer generate the tailored binaries in the first place?

[UncleMeat]

In some cases, there are 100+ artifacts. I'd wager that far more developers care about the extra effort correctly splitting and signing a mountain of artifacts than the hypothetical threat model described in TFA. And Google probably would prefer the less error-prone method of doing it internally rather than risking devs doing it wrong and shipping broken apps to some device configurations.

[toast0]

Presumably the number of different app bundles is large. Otherwise, they could just ask for a apk with each configuration.

[zaphirplane]

Cause either you blindly sign it blindly or ??