13.05.2011 9:07, Nikolay Elenkov пишет:
I see. In the sense that it identifies the publisher, it is indeed a
'signature'.
Hmm, are we talking about the same thing here?
Isn't the key that the .apk is signed with (which is generated by the
developer, and is specific to a particular package) different from the
public key under the developer account (which is the same for all
applications for a particular developer)?
And aren't the LVL & in-app billing responses signed with the latter?
Is this guaranteed across versions? If so, using the PackageManager
to get it could be an alternative to embedding your public key in the APK
for LVL/in-app billing signature verification.
The PackageManager GET_SIGNATURES call can be hooked to return the
original signature even if the package has been hacked and re-signed.
There is a script somewhere on the 'net that does this automatically.
--
Kostya Vasilyev -- http://kmansoft.wordpress.com
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
