Coming from the Windows Mobile and iPhone development environments, I am familiar with code signing linked to a trusted Certificate Authority. But I don't understand what value there is in a self- signed signature, especially if an app is to be distributed independently of the Android Market. If someone wanted to modify an app that I had self-signed, couldn't they just make changes in the binary and then re-sign the resulting app themselves? It seems that my self-signing the code does not prove who I am and it does not prove that the code has not been modified by someone other than me. So what value does it really have?
-- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
