There is no guaranteed way to identify that an app came from Google. There is a cert that Google uses to sign many of its apps, but I wouldn't count on the same one being used for all of them. And anyway, the Browser is not a Google application, so would never be signed by Google.
On Thu, Nov 11, 2010 at 1:11 PM, Yves Langisch <[email protected]> wrote: > Hi, > > I'd like to identify all Google provided apps. Extracting the certificate > (signature in the API terminology?!?) of the browser package gave me a > self-signed cert with following Subject/Issuer: > > 1.2.840.113549.1.9.1=#1613616e64726f696440616e64726f69642e636f6d,CN=Android,OU=Android,O=Android,L=Mountain > View,ST=California,C=US > > As I don't own a real phone this information comes from the emulator. I'd > like to know if a different cert is used on a real phone and if all Google > provided apps are signed with the same key? > > Yves > > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
