Android's security architecture is built around this. It doesn't matter *who* you are, but that the author of one .apk is the *same* *as* the author of another.
On Mon, Apr 11, 2011 at 7:50 PM, RLScott <[email protected]> wrote:

> Coming from the Windows Mobile and iPhone development environments, I
> am familiar with code signing linked to a trusted Certificate
> Authority. But I don't understand what value there is in a
> self-signed signature, especially if an app is to be distributed
> independently of the Android Market. If someone wanted to modify an
> app that I had self-signed, couldn't they just make changes in the
> binary and then re-sign the resulting app themselves? It seems that
> my self-signing the code does not prove who I am and it does not prove
> that the code has not been modified by someone other than me. So what
> value does it really have?
>
> --
> You received this message because you are subscribed to the Google
> Groups "Android Developers" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/android-developers?hl=en
>

--
Dianne Hackborn
Android framework engineer
[email protected]

Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them.
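The same-author comparison described in the reply above, as an added example that is not part of the original thread or of the Android project's own code. The class and method names are hypothetical; the `PackageManager` calls and constants are the platform's public API.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Added illustration; class and method names are hypothetical. */
public final class SameAuthorCheck {
    private SameAuthorCheck() {}

    /** True only if otherPackage is signed with the same certificate(s) as the calling app. */
    public static boolean isSameAuthor(Context ctx, String otherPackage) {
        PackageManager pm = ctx.getPackageManager();
        // A copy that was modified and re-signed with a different key yields
        // SIGNATURE_NO_MATCH; a package that is not installed yields
        // SIGNATURE_UNKNOWN_PACKAGE. Only an exact match is accepted here.
        return pm.checkSignatures(ctx.getPackageName(), otherPackage)
                == PackageManager.SIGNATURE_MATCH;
    }

    /**
     * SHA-256 of the package's first signing certificate, hex-encoded, for logging.
     * Reading only the first certificate is a simplification of this example.
     * GET_SIGNATURES is deprecated from API 28 in favour of GET_SIGNING_CERTIFICATES.
     */
    public static String signerFingerprint(Context ctx, String pkg)
            throws PackageManager.NameNotFoundException, NoSuchAlgorithmException {
        PackageInfo info = ctx.getPackageManager()
                .getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
        Signature[] sigs = info.signatures;
        if (sigs == null || sigs.length == 0) {
            throw new IllegalStateException("no signing certificate for " + pkg);
        }
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(sigs[0].toByteArray());
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }
}
```

The check says nothing about who the signer is; it only establishes that two packages were signed with the same key, which is the property the reply describes.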

