Not sure what you mean. Certificates don't change with every build. Each app generally has two certs, the test cert that is used only for development but never published, and the release cert that it is published under. The release cert is the official secure identity of the published of the app and *can* *not* change.
On Sun, Sep 26, 2010 at 4:59 AM, jelford <[email protected]> wrote: > > > On Sep 23, 11:24 pm, Dianne Hackborn <[email protected]> wrote: > > Actually signatures is the certificate as a binary blob. This is what > the > > platform uses to compare .apk certs; you can compare the binary data > against > > your own values if you want. > > > > This sounds actually quite promising - although would the "trusted" > dataset (that > we are checking incoming connections against) need to be updated on > every build > (which was my impression) with this method ? > > jelford > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
