Hi, I was wondering if there's any more detail that can be extracted from PackageInfo.signatures. For instance, can we extract the public key that was used to sign the package? (and trust that the OS had already verified that the APK was indeed signed with the corresponding private key). What I'd want to do is to be able to have a list of trusted partners that are allowed to call my app, with those partners all having separate keys. I'd have a database of partners and their public keys available somehow (embedded or on a web site), and would be able to make security decisions based on who the caller is (while reducing the risk of the user making an incorrect decision and granting an app which shouldn't have that access the permission to call my app.
-Yuliy
