Actually the instructions state you should use 25+ years for a single application; more if you sign multiple applications (there's a 20 year minimum for app on Google Play) If you encounter this issue in 25 years, post it on their future-holodeck-message-board :-) I think the idea behind this is that 99% of apps would not last this long or at least would not last as the same code base.
On Tuesday, July 23, 2013 3:07:06 AM UTC+3, Raymond Rodgers wrote: > > On 07/22/2013 12:08 AM, Ted Hopp wrote: > > On Thursday, June 14, 2012 12:43:51 PM UTC-4, Dianne Hackborn wrote: > >> The platform has an app signed with a cert. If you want to install an >> update to that app under a different cert, how could the platform trust >> that this is actually coming from the author who owns the original cert >> without the new app also being signed in some way with the original cert? >> Note that we don't use certificate authorities, so there is no root cert >> or such to go back to, to try to verify some relationship between two >> certs. Because we use self-signing, you are ultimately the CA, and have >> responsibility for the certs you generate. >> > > I know this is an old thread, but this caught my attention. Would it not > be possible to come up with a tool with which a developer could somehow use > the old cert as the authority for the new one? After all, the developer is > the only one with access to the private key, so a new cert could be > "signed" by the old one just as an .apk file is signed. > > I've been wondering about this issue a bit for a while now though it was > never really at a high importance level. Although it's been a while since I > created my keystore, I believe that the instructions we were given > originally said to make the key valid for 10 years. What are developers > supposed to do when that 10 year mark is up? For instance, what if my app > has been receiving regular updates for that entire 10 year period, and at > the 10 years and 1 day mark, I need to update it again. The key has > expired, so I can't technically update the application in the Play Store. > Is there a way to regenerate the key or extend the expiration date? If not, > is there a plan? Android has a ways to go before the ten year anniversary, > but I hope there's a plan in place for dealing with this [possible] issue. > > -- > Raymond Rodgershttp://www.badlucksoft.com/http://anevilgeni.us/ > > -- -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
