Well, I do not agree. Indeed, as it was mentioned in an other thread (copied below), the multiple signature scheme is not supported. In my opinion, this is a huge limitation for the platform.
Basically, this means that an application can declare a permission ( protected by the signature scheme ), but this permission can only be used by an other application with the same signature. So, one can not create a permission ( protected by the signature scheme ) and have 2 different applications (signed with 2 different signatures, coming from 2 different developers ) using this permission. Only a dangerous or normal protection allows to do that ! > 1)I know jar signer support multiple signatures in one jar file. If an > APK file has two valid signatures, does that mean this APK can access > signature level permission provided by both signers? In theory, something is done with multiple signatures, but nobody has ever used this so it probably doesn't work. This also has the side-effect (if it does work) of aliasing the two signatures to the same thing since they presumably come from the same owner, which is likely not what you want. So basically, please don't do this. :) On Mar 27, 11:14 pm, "[email protected]" <[email protected]> wrote: > Android permissions guard activities between applications. From > Security perspective, android frame work is as same as an application. > To use signature level or permission defined by framework, your > application has to be signed using same key. > > You can define signature level permission in your application as well. > And you can use multiple signing keys to sign your application. Other > app would need to be signed using one of signing keys you used so they > can use permission enforced by your application. > > Do you agree with me? > > For T-Mobile G1, HTC generated 4 keys to sign different groups of > APKs. These 4 keys are corresponding to 4 keys in open source: > testkey, media, platform and shared. You can search .bks files under > build directory.
