by jayd16 1873 days ago
Signatures are verified at the OS level, outside the Play Store. Even if you side-load apps, signatures are checked for consistency.
1 comments

I'm not suggesting we remove signing, just that Google use their own signing key for apps they build.
That won't work. For Google to take over the signing of existing apps they need the existing keys.
I see, so the limitation is that app updates have to keep using the same key, and that's enforced by the OS? Couldn't the Play Store uninstall then reinstall in that situation, to update to the new key?
That would delete any local files the app might have written, save files, that sort of thing.
Yes, but that destroys cached and local data and isn’t compatible with built in apps using the same package name.
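As an added example that is not part of the thread or of Android's own code: a small stdlib-only Python model of the rule the commenters are describing. A toy PackageManager keeps, per package name, the SHA-256 digest of the certificate that signed the installed APK and refuses any update signed by a different certificate; the only way to switch signers is uninstall plus reinstall, which also drops the app's data directory, and a package marked as built-in cannot be uninstalled at all. The package names, certificate bytes and save-file contents are constructed for the example; the result names are borrowed from the corresponding Android PackageManager codes.

```python
"""Toy model of the signature-consistency rule Android applies on update.

Constructed example, not Android source. Certificates are opaque byte
strings; only their SHA-256 digest is stored and compared.
"""
import hashlib
from dataclasses import dataclass, field

# Result names follow the corresponding Android PackageManager codes.
INSTALL_SUCCEEDED = "INSTALL_SUCCEEDED"
INSTALL_FAILED_UPDATE_INCOMPATIBLE = "INSTALL_FAILED_UPDATE_INCOMPATIBLE"
INSTALL_FAILED_VERSION_DOWNGRADE = "INSTALL_FAILED_VERSION_DOWNGRADE"


@dataclass
class Apk:
    package: str          # e.g. "com.example.game"
    version_code: int
    signer_cert: bytes    # DER certificate of the signer (constructed bytes here)


@dataclass
class Installed:
    version_code: int
    cert_digest: str                          # SHA-256 of the signer certificate
    is_system: bool = False                   # shipped in the system image?
    data: dict = field(default_factory=dict)  # models /data/data/<package>


def cert_digest(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()


class PackageManager:
    def __init__(self) -> None:
        self.installed: dict = {}

    def install(self, apk: Apk) -> str:
        cur = self.installed.get(apk.package)
        if cur is None:
            self.installed[apk.package] = Installed(apk.version_code, cert_digest(apk.signer_cert))
            return INSTALL_SUCCEEDED
        # Update path: the new APK must be signed with the same certificate as
        # the installed one, whether it arrives via the store or is side-loaded.
        if cur.cert_digest != cert_digest(apk.signer_cert):
            return INSTALL_FAILED_UPDATE_INCOMPATIBLE
        if apk.version_code < cur.version_code:
            return INSTALL_FAILED_VERSION_DOWNGRADE
        cur.version_code = apk.version_code   # app data survives a same-key update
        return INSTALL_SUCCEEDED

    def uninstall(self, package: str) -> bool:
        cur = self.installed.get(package)
        if cur is None or cur.is_system:
            return False   # a built-in app cannot be removed to change its key
        del self.installed[package]   # the app's data directory goes with it
        return True

    def write_data(self, package: str, name: str, content: bytes) -> None:
        self.installed[package].data[name] = content

    def data_of(self, package: str) -> dict:
        cur = self.installed.get(package)
        return dict(cur.data) if cur else {}


def demo() -> dict:
    """Walk through the scenario from the thread and return the observed outcomes."""
    dev_cert = b"constructed-cert-of-original-developer"
    new_cert = b"constructed-cert-of-would-be-new-signer"
    pkg = "com.example.game"
    pm = PackageManager()
    out = {}
    pm.install(Apk(pkg, 1, dev_cert))
    pm.write_data(pkg, "save.dat", b"level 7")
    out["update_same_key"] = pm.install(Apk(pkg, 2, dev_cert))
    out["data_after_update"] = pm.data_of(pkg)
    out["update_new_key"] = pm.install(Apk(pkg, 3, new_cert))
    # The only route to a different key: uninstall, then install fresh ...
    pm.uninstall(pkg)
    out["reinstall_new_key"] = pm.install(Apk(pkg, 3, new_cert))
    out["data_after_reinstall"] = pm.data_of(pkg)   # ... and the save file is gone
    # A built-in app under the same package name cannot even take that route.
    pm.installed["com.example.builtin"] = Installed(1, cert_digest(dev_cert), is_system=True)
    out["system_uninstall"] = pm.uninstall("com.example.builtin")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running it shows the three outcomes the thread turns on: a same-key update keeps the save file, a different-key update is rejected outright, and the uninstall-then-reinstall workaround succeeds only at the cost of the data and is unavailable for a built-in package.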