On 08/12/2013 10:39 AM, Joshua Brindle wrote: > William Roberts wrote: >> Since we are building outside of an OEMs tree, I would imagine you're >> not using their private key to sign your applications that should be >> platform, etc (Except for the NSA ;-) ). I would imagine that everyone >> here made an additional entry in seapp_contexts and mac_perms.xml? >> However, IMO if I'm not the one holding the key it should go into >> untrusted_app. I can't remember if when I was at Samsung if we resigned >> the APK's or not, I am pretty sure we did not. > > Many of them are play store updatable these days, so resigning them is > unlikely. > > The point of not holding the key goes back to Google's decision not to > allow third party apps to be labeled differently, which I believe was a > mistake. If I have a trusted vendor and want to use their cert + package > name in a more trusted way than other apps I should be free to do that.
FWIW, we still support that distinction in our tree. -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with the words "unsubscribe seandroid-list" without quotes as the message.
