Dave,

Thanks for the exhaustive answer, and I naturally appreciate Google's decision on working out this security model. Nevertheless, you seemed not to answer one of the important questions I also asked:

"Another question is that if any developers can sign their apps freely without any consequences (I mean there's no accountability on self-signed certificates) what will really prevent malware from spreading?"

That is, if I were a malware author it wouldn't give me too much headache to change my self-signed certificates frequently - and I don't want to update my previous app, either. What is Google's approach to this problem?

Thanks,
Tote

On Feb 5, 3:02 am, Dave Bort <[email protected]> wrote:
> Unlike a lot of systems, Android does not use certificates to control
> which applications can be installed on a given device. Doing so would
> require a central authority that would have the power to reject
> applications, and this goes against the open nature of the platform.
>
> Instead, the only piece of information that we can derive from the
> certificates is "is app A signed by the same private key as app B?"
> Assuming that private keys are under the strict control of the
> developers that own them, we use this to answer the more useful
> question "did these apps come from the same place?" Apps that are
> signed with the same key are allowed to work together more tightly,
> sharing data and resources in ways that non-commonly-signed apps
> cannot.
>
> You could decide to use a cert that chains back to a CA like Thawte or
> Verisign, but the Android system won't notice. But the user of an
> application could potentially use this information to verify your
> credentials. There's no current built-in way to do this in the
> Android platform or marketplace, but such functionality could always
> be added.
>
> So, no, CA-signed certs aren't any different from self-signed certs on
> Android.
>
> --dbort
>
> On Wed, Feb 4, 2009 at 3:06 PM, Tote <[email protected]> wrote:
> >
> > I couldn't find any documents describing the benefits of having a
> > CA-signed certificate that developers can use for signing their APKs.
> > Could anyone enlighten me if CA-signed certificates are any stronger
> > than self-signed? Are there any permissions, for example, that a
> > self-signed certificate is not enough for?
> >
> > Another question is that if any developers can sign their apps freely
> > without any consequences (I mean there's no accountability on
> > self-signed certificates) what will really prevent malware from spreading?
> > Community rating? The $25 entry fee to Android Market? I'm still
> > missing something more convincing ...
> >
> > Tote
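As an added illustration of the "same key?" test Dave describes (example code written for this thread, not Android's own code and not posted by either participant), the hypothetical provider below serves a value only to callers whose packages are signed with the same key as the app itself; the class name, the column name and the token value are all constructed.

```java
// Hypothetical provider, not code from the thread or from the Android platform.
import android.content.ContentProvider;
import android.content.ContentValues;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.database.MatrixCursor;
import android.net.Uri;
import android.os.Binder;

/** Serves a shared value only to packages signed with the same key as this app. */
public class SameSignerProvider extends ContentProvider {

    /** True only if every package running under the calling UID shares our signer. */
    boolean callerIsCommonlySigned() {
        PackageManager pm = getContext().getPackageManager();
        String[] callerPkgs = pm.getPackagesForUid(Binder.getCallingUid());
        if (callerPkgs == null || callerPkgs.length == 0) {
            return false; // unknown caller: deny by default
        }
        for (String pkg : callerPkgs) {
            // checkSignatures compares the full set of signing certificates.
            // A CA-chained cert and a self-signed cert are treated alike here;
            // only "same key?" matters, exactly as the thread describes.
            if (pm.checkSignatures(getContext().getPackageName(), pkg)
                    != PackageManager.SIGNATURE_MATCH) {
                return false;
            }
        }
        return true;
    }

    @Override
    public Cursor query(Uri uri, String[] projection, String selection,
                        String[] selectionArgs, String sortOrder) {
        // Binder.getCallingUid() identifies the remote caller here because provider
        // methods run inside the caller's Binder transaction (unlike Service.onBind,
        // which the system itself invokes).
        if (!callerIsCommonlySigned()) {
            throw new SecurityException("caller is not signed with our key");
        }
        MatrixCursor c = new MatrixCursor(new String[] {"shared_token"});
        c.addRow(new Object[] {"example-token"}); // constructed sample value
        return c;
    }

    @Override public boolean onCreate() { return true; }
    @Override public String getType(Uri uri) { return null; }
    @Override public Uri insert(Uri uri, ContentValues values) { return null; }
    @Override public int delete(Uri uri, String sel, String[] args) { return 0; }
    @Override public int update(Uri uri, ContentValues v, String sel, String[] args) { return 0; }
}
```

The same effect is available declaratively by guarding the provider with a custom permission whose protectionLevel is "signature", which the platform grants only to packages signed with the declaring app's key.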
