As part of a security assessment tool, we want to verify that all apps on a phone come from a reputable source like the phone vendor or carrier or Android Market (assuming, of course, that this last source is in fact reputable) and haven't been tampered with.
So my question today is for doing this for Market apps. One way I thought to do this is to make sure that it is signed by the developer of the app, or by the same certificate as it is signed in the Market. Even if different versions of the app are installed, the signatures should have the same public key. Is there a way to programmatically get the public key of an APK from the Android Market? Perhaps there is a better way to accomplish the same thing? -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
