On Thursday, January 19, 2012 6:09:25 PM UTC-5, Oleg Gryb wrote: > > You're absolutely right, there is no any reason to discuss that. It > just some opinions were rather unusual in my view and I wanted to > understand why. I should admit that still don't have an answer for > that "why" question. >
The source of the confusion is a misunderstanding of the reason why Android has signing certificates at all - specifically, what they are there to prevent. They basically are used to insure that associated apps claiming to be from the same author and thus able to share data, actually are. Verifying new versions of an already installed app would be the simplest and most common form of this. Try to install a new version signed with a different certificate than the installed version (not uncommon during development), and the device will warn you and if you proceed will wipe out all of the app's stored user data first, to prevent it from falling into the hands of an imposter. What the certificate check is not intended to do is to verify that the author of the first app of the collection to be installed is who they claim to be; it exists only to verify that any additional apps or updates which ask to be assigned to that existing userid really were signed by the holder of the same certificate, and so can be considered eligible to be put in the same security bucket together with the original. You can of course debate the merits of that aspect of the android design as much as you like. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/l211KJ-_4GgJ. To post to this group, send email to android-security-discuss@googlegroups.com. To unsubscribe from this group, send email to android-security-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.