On Mar 7, 2010, at 2:12 PM, Dave Carlton wrote: > I don't understand, what would be the point of a self-signed cert? And what > happens when a cert expires down the road self-signed or not? I have not > really looked at the subject so I may be showing my total ignorance.
I believe signing with a self-signed cert would allow you to show that the app has not been modified since you signed it. However, that does not prevent someone from stripping your signature, modifying the app, and then signing it with their own self-signed cert. The user would be able to tell it was not signed with your cert if they looked but my guess is that most would not know the difference. There is a video from WWDC a couple of years ago about app signing. I think the session has been an annual staple for a few years now. I have been meaning to check into signing my app for quite some time now. Of course I still have not gotten around to it and I am not sure when I will. :)
