On Fri, May 13, 2011 at 1:51 PM, Dianne Hackborn <[email protected]> wrote: > On Thu, May 12, 2011 at 9:39 PM, Nikolay Elenkov <[email protected]> > wrote: >> >> It turns out the 'Signature' you get from the PackageManager it's actually >> the >> public key used to signed the app, that's whey it works. It was either >> poorly named >> or the meaning changed somewhere along the line. It's still an effective >> check >> to see if someone re-packaged your app and signed it with their own key >> (assuming they didn't yank the actual check routine from the app). > > Yes it is the public cert. You can blame me for the poor naming. I have > always thought of it as the signature of the author of the app, but really > it is implemented through the certificate signing mechanism.
I see. In the sense that it identifies the publisher, it is indeed a 'signature'. Is this guaranteed across versions? If so, using the PackageManager to get it could be an alternative to embedding your public key in the APK for LVL/in-app billing signature verification. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
