On Sep 27, 9:01 am, Dianne Hackborn <[email protected]> wrote: > Not sure what you mean. Certificates don't change with every build. Each > app generally has two certs, the test cert that is used only for development > but never published, and the release cert that it is published under. The > release cert is the official secure identity of the published of the app and > *can* *not* change. >
Okay - I'm sorry I was under the impression that the in PackageInfo.signatures (http://developer.android.com/reference/android/content/pm/ PackageInfo.html#signatures) was build-dependant as well. I don't know why. So you're saying this is just eg. the release cert of the application? If that's the case, then I'm right in thinking is is a reliable way to identify the developer as a trusted source? That would be totally ideal. jelford -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
