I think you are sort of right. Individual apks are signed. However, if the bootloader is unlocked, it is trivial to bypass the signature checks on the apks using something like xposed or whatever.
Furthermore, you can flash an unsigned boot.img if the system.img is signed (I have just tried this and it boots ok) Josh _______________________________________________ Replicant mailing list Replicant@osuosl.org https://lists.osuosl.org/mailman/listinfo/replicant
