That's clearer, thanks. Presumably if you upload apps hacked this way to the Market, your account will get pulled. And since this is the only way of getting apps into the Market it remains safe?
On Aug 25, 8:36 am, Dianne Hackborn <hack...@android.com> wrote: > On Tue, Aug 24, 2010 at 8:59 PM, Carl Whalley > <carl.whal...@googlemail.com>wrote: > > > I'm curious about something regarding signing. If someone does as this > > hack shows and patches the apk, they need to resign the new build. If > > they then put this version out and its widely distributed, can't > > Google see the certificate used to resign it, compare with the > > original and just revoke the new one? Following that, what actually > > happens if a user then tries to install an app signed with a revoked > > cert via non-Market means? > > What do you mean by revoke a cert? Android uses self-signed certs, and > Google is not a signing authority. And we definitely don't apply filters to > applications people install through side-loading. > > -- > Dianne Hackborn > Android framework engineer > hack...@android.com > > Note: please don't send private questions to me, as I don't have time to > provide private support, and so won't reply to such e-mails. All such > questions should be posted on public forums, where I and others can see and > answer them. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
