Actually the instructions state you should use 25+ years for a single application; more if you sign multiple applications (there's a 20 year minimum for app on Google Play) If you encounter this issue in 25 years, post it on their future-holodeck-message-board :-) I think the idea behind this is that 99% of apps would not last this long or at least would not last as the same code base.
On Tuesday, July 23, 2013 3:07:06 AM UTC+3, Raymond Rodgers wrote: > > On 07/22/2013 12:08 AM, Ted Hopp wrote: > > On Thursday, June 14, 2012 12:43:51 PM UTC-4, Dianne Hackborn wrote: > >> The platform has an app signed with a cert. If you want to install an >> update to that app under a different cert, how could the platform trust >> that this is actually coming from the author who owns the original cert >> without the new app also being signed in some way with the original cert? >> Note that we don't use certificate authorities, so there is no root cert >> or such to go back to, to try to verify some relationship between two >> certs. Because we use self-signing, you are ultimately the CA, and have >> responsibility for the certs you generate. >> > > I know this is an old thread, but this caught my attention. Would it not > be possible to come up with a tool with which a developer could somehow use > the old cert as the authority for the new one? After all, the developer is > the only one with access to the private key, so a new cert could be > "signed" by the old one just as an .apk file is signed. > > I've been wondering about this issue a bit for a while now though it was > never really at a high importance level. Although it's been a while since I > created my keystore, I believe that the instructions we were given > originally said to make the key valid for 10 years. What are developers > supposed to do when that 10 year mark is up? For instance, what if my app > has been receiving regular updates for that entire 10 year period, and at > the 10 years and 1 day mark, I need to update it again. The key has > expired, so I can't technically update the application in the Play Store. > Is there a way to regenerate the key or extend the expiration date? If not, > is there a plan? Android has a ways to go before the ten year anniversary, > but I hope there's a plan in place for dealing with this [possible] issue. > > -- > Raymond Rodgershttp://www.badlucksoft.com/http://anevilgeni.us/ > > -- -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
