by h4waii 1578 days ago
Playing devil's advocate, given the choice between trusting a random developer to keep their keys private or Google to keep their keys private, I'd probably side with Google.

Yeah, that doesn't help with coercion or government letters, but neither would being a solo dev; both parties will comply.

3 comments

Except the developers can still have access to the key; they just have to share it with Google. This not only violates the old advice, "Never share your private key!", it also gives you the worst of both worlds: you have to trust both the random developer and Google to keep the keys private.

I don't think the concern is with Google keeping the keys secure. I think the concern is with Google being able to rewrite the app however they want and sign it without the developer even knowing.

What Google does with their keys is known only to Google. Google also have various commercial pressures which can compromise their behaviour (on that note, have we even managed to stop Certificate Authorities selling carte-blanche certificates to middleware-box vendors yet?)

A team-maintained package repository, on the other hand, operates through transparency.