by a-dub 1875 days ago
it doesn't matter, they could just push an android update that bypasses your signature if they really wanted to. granted that's a bigger deal, but they control the ecosystem in google play and hold the signing keys for android and google play itself, you already trust them.

If the only person with the signing key is the author, then any user could verify the signature outside of Android, could they not?

Instead, even outside of Android, we simply cannot know.

Except verifying outside of Android tells you nothing about whether the application as installed on an actual device has been tampered with, so you don't really gain any security from this.

they could push an update that makes it appear like the author signed version is on the device, but in reality a different version is run.

they control the keys to the software delivery channel and the operating system. large parts of this are closed source. users and developers trust them and that's just how it is.

that said, it's not pretty and i hope it's just a backwards compatibility stopgap as discussed upthread.

If you're allowed to verify outside of Android, the author could simply post hashes.