On Tue, Aug 24, 2010 at 8:59 PM, Carl Whalley <carl.whal...@googlemail.com>wrote:
> I'm curious about something regarding signing. If someone does as this > hack shows and patches the apk, they need to resign the new build. If > they then put this version out and its widely distributed, can't > Google see the certificate used to resign it, compare with the > original and just revoke the new one? Following that, what actually > happens if a user then tries to install an app signed with a revoked > cert via non-Market means? > What do you mean by revoke a cert? Android uses self-signed certs, and Google is not a signing authority. And we definitely don't apply filters to applications people install through side-loading. -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
