Just checking back in a few days later to report success - thanks a lot for the help; it's really appreciated . I've had time to play around a bit with this, and it looks like it's a viable way to achieve exactly the results I needed.
One more thing: it looks like - in my RemoteService - the onBind() method is not being called by the remote process that's trying to connect to the interface, but by something else (presumably the operating system). It (the external process) then seems to be returned the same object as any previous calls to bind to the service (ie. a single Binder object is being passed out to all incoming requests). I just want to confirm that this is really what's going on, and I haven't got myself into a muddle? Thanks once again, jelford On Sep 27, 6:06 pm, Dianne Hackborn <[email protected]> wrote: > Yes this is the cert of the installed app (depending on whether or not it is > release depends on what you installed). > > > > On Mon, Sep 27, 2010 at 6:55 AM, jelford <[email protected]> wrote: > > > On Sep 27, 9:01 am, Dianne Hackborn <[email protected]> wrote: > > > Not sure what you mean. Certificates don't change with every build. > > Each > > > app generally has two certs, the test cert that is used only for > > development > > > but never published, and the release cert that it is published under. > > The > > > release cert is the official secure identity of the published of the app > > and > > > *can* *not* change. > > > Okay - I'm sorry I was under the impression that the in > > PackageInfo.signatures > > (http://developer.android.com/reference/android/content/pm/ > > PackageInfo.html#signatures) > > was build-dependant as well. I don't know why. So you're saying this > > is just eg. the > > release cert of the application? > > > If that's the case, then I'm right in thinking is is a reliable way to > > identify the > > developer as a trusted source? That would be totally ideal. > > > jelford > > > -- > > You received this message because you are subscribed to the Google Groups > > "Android Security Discussions" group. > > To post to this group, send email to > > [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<android-security-discuss%[email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/android-security-discuss?hl=en. > > -- > Dianne Hackborn > Android framework engineer > [email protected] > > Note: please don't send private questions to me, as I don't have time to > provide private support, and so won't reply to such e-mails. All such > questions should be posted on public forums, where I and others can see and > answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
