[orthecreedence]

Yes, last I checked, Google signs the app with your private key, which they force you to give them. In other words, they have the ability to make any changes to your app and re-sign it at their whim. Anyone concerned about the security of their shit should only install apps directly signed directly by the developer, using a private key only the developer possesses.

It's a shame these platforms go to such great lengths to force distribution through their "safe" channels.

[h4waii]

Playing devil's advocate, given the choice between trusting a random developer to keep their keys private or Google to keep their keys private, I'd probably side with Google.

Yeah that doesn't help with coercion or government letters, but neither would being a solo dev, both parties will comply.

[zauguin]

Except the developers can still have access to the key, they just have to share it with Google. This not only violates the old advice: "Never share your private key!", it also gives you the worst of both worlds: You have to trust both the random developer and Google to keep the keys private.

[wccrawford]

I don't think the concern is with Google keeping the keys secure. I think the concern is with Google being able to rewrite the app however they want and sign it without the developer even knowing.

[ris]

What Google does with their keys is known only to Google. Google also have various commercial pressures which can compromise their behaviour (on that note, have we even managed to stop Certificate Authorities selling carte-blanche certificates to middleware-box vendors yet?)

A team-maintained package repository on the other hand operates through transparency.