[pas]

Why? They control the Play app itself anyway. Isn't verification done by the privileged "Google Play Services" special background service? Which is basically the userspace, which is where Google pushes security updates (because carriers and phone makers don't).

[jayd16]

Signatures are verified at the OS level, outside the playstore. Even if you side load apps, signatures are checked for consistency.

[remram]

I'm not suggesting we remove signing, just that Google use their own signing key for apps they build.

[jayd16]

That won't work. For google to take over the signing of existing apps they need the existing keys.

[remram]

I see, so the limitation is that app updates have to keep using the same key, and that's enforced by the OS? Couldn't the Play Store uninstall then reinstall in that situation, to update to the new key?

[jayd16]

That would delete any local files the app might have written, save files, that sort of thing.

[UncleMeat]

Yes, but that destroys cached and local data and isn’t compatible with built in apps using the same package name.