[icebraining]

What would the OS check the signature against, though? The certs that come with the OS are for validating sites, not apps, so passing a check wouldn't tell you much. It seems that Android would have to add a whole new cert store (and mechanism for adding certs), not just a couple of lines.

[justonepost]

That's not true at all. CA and leaf Certs have extensions and policies and can be used for any particular purposes. All the cert verification has to do is check for the code signing extension / policy.