So what is protecting the application from forgery? On Oct 7, 7:39 pm, Dianne Hackborn <[email protected]> wrote: > On Wed, Oct 6, 2010 at 3:44 PM, DanH <[email protected]> wrote: > > Supposedly PackageInfo.signatures[0] gives you the signature. > > However, there's a Catch22: You can't get the signature until the app > > is packaged, and you can't modify the app to insert the signature > > after it's been packaged. > > Despite its name, the contents of PackageInfo.signatures is the public keys > your app is signed with. This absolutely, positively does not change > between builds. This is the pure identify of the developer of the app. > > -- > Dianne Hackborn > Android framework engineer > [email protected] > > Note: please don't send private questions to me, as I don't have time to > provide private support, and so won't reply to such e-mails. All such > questions should be posted on public forums, where I and others can see and > answer them.
-- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
