On Thu, Jun 14, 2012 at 9:05 AM, Mark Murphy <mmur...@commonsware.com> wrote:

> On Thu, Jun 14, 2012 at 10:35 AM, Saurav <to.saurav.mukher...@gmail.com> wrote:
> > They should have a fall back plan! To upgrade the application, with another
> > keystore or some other secure procedure. Just a thought!
> That would be the responsibility of the Play Store people, who are not
> on this list AFAIK.

They can't do anything, they don't have your private key.

The platform has an app signed with a cert.  If you want to install an
update to that app under a different cert, how could the platform trust
that this is actually coming from the author who owns the original cert
without the new app also being signed in some way with the original cert?
Note that we don't use certificate authorities, so there is no root cert
or such to go back to, to try to verify some relationship between two
certs.  Because we use self-signing, you are ultimately the CA, and have
responsibility for the certs you generate.

-- 
Dianne Hackborn
Android framework engineer
hack...@android.com

Note: please don't send private questions to me, as I don't have time to
provide private support, and so won't reply to such e-mails.  All such
questions should be posted on public forums, where I and others can see and
answer them.
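
The same-signer rule described in the message above, as an added example that is not part of the original message and is not Android's own code. It is a simplified model: the class and method names are hypothetical, and the signer is pinned by raw public key where the platform compares signing certificates.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

// Simplified model of a same-signer update check (hypothetical names throughout).
public class SameSignerCheck {
    // A package as the installer sees it: payload, signature, and the
    // public key the author generated for themselves (no CA involved).
    record Pkg(byte[] payload, byte[] sig, PublicKey signer) {}

    static KeyPair newKey() throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        return g.generateKeyPair();
    }

    static Pkg sign(String payload, KeyPair kp) throws GeneralSecurityException {
        byte[] data = payload.getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(data);
        return new Pkg(data, s.sign(), kp.getPublic());
    }

    // Accept only if the update is validly signed AND its signer is the one
    // pinned when the app was first installed.
    static boolean acceptUpdate(PublicKey pinned, Pkg update) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(update.signer());
        s.update(update.payload());
        boolean validlySigned = s.verify(update.sig());
        boolean sameSigner = Arrays.equals(pinned.getEncoded(), update.signer().getEncoded());
        return validlySigned && sameSigner;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair original = newKey();     // constructed: author's key at first release
        KeyPair replacement = newKey();  // constructed: key made after the original was lost
        PublicKey pinned = sign("app v1", original).signer(); // pinned at first install

        System.out.println("v2 signed with original key:    "
                + acceptUpdate(pinned, sign("app v2", original)));
        // Validly signed, but with no issuer or chain nothing ties this key
        // to the pinned one, so the installer has no basis to trust it.
        System.out.println("v2 signed with replacement key: "
                + acceptUpdate(pinned, sign("app v2", replacement)));
    }
}
```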
