That's clearer, thanks. Presumably if you upload apps hacked this way to the Market, your account will get pulled. And since this is the only way of getting apps into the Market it remains safe?
On Aug 25, 8:36 am, Dianne Hackborn <[email protected]> wrote: > On Tue, Aug 24, 2010 at 8:59 PM, Carl Whalley > <[email protected]>wrote: > > > I'm curious about something regarding signing. If someone does as this > > hack shows and patches the apk, they need to resign the new build. If > > they then put this version out and its widely distributed, can't > > Google see the certificate used to resign it, compare with the > > original and just revoke the new one? Following that, what actually > > happens if a user then tries to install an app signed with a revoked > > cert via non-Market means? > > What do you mean by revoke a cert? Android uses self-signed certs, and > Google is not a signing authority. And we definitely don't apply filters to > applications people install through side-loading. > > -- > Dianne Hackborn > Android framework engineer > [email protected] > > Note: please don't send private questions to me, as I don't have time to > provide private support, and so won't reply to such e-mails. All such > questions should be posted on public forums, where I and others can see and > answer them. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
