
I gather that most developers (except perhaps for larger companies) use self-signed certificates to sign their apk. Since this is required for app installation, the ability to sign your app is available to anyone. It is fairly simple to use keytool and jarsigner from the Java SDK. However, these self-signed certs and associated private keys do NOT guarantee any degree of security unless you can somehow match that certificate with someone you actually trust. There is no ability to revoke these self-signed certificates (no CRL) and there is no "issuer" (since the certs are almost always self-signed) who "vouches" in some way for the identity of the certificate/key holder who signs the code.

So does the Android platform have, or plan to have, any ability to prevent installation of apps SIGNED WITH A PARTICULAR SIGNATURE? Or to enable settings only allowing installation of apps signed by a cert/key issued by a list of trusted CAs (certificate authorities/issuers)? However, there is some security available: in Settings/Security you can prevent installation of anything (even signed and manually copied to your SIM) unless it comes from the Play Store, the default setting. Also you might be able to install a User certificate and ONLY allow apps signed by that cert to install (even if from the Play Store?).

1 Answer


I don't think the purpose of these certificates is to ensure an identity as a normal certificate signed by a CA would. As it seems to me, the purpose of the certificates is just to have an extra security factor to ensure that the person that published the app for the first time is the one that publishes updates.

Without this, someone that hacks your Google account would be able to publish malicious updates to your entire user base.

So I would say it's basically a two-factor authentication for publishing.

Stefan Rasmusson
  • I agree. That's fine provided that you trust the author of the first version of the app. Think "long hack" strategy. Build up some sort of trust model with your apps .... people download them ... great apps. Then in a subsequent update, say in a year or 2 ... BAM, this guy wasn't a good guy. So it IS important to question the FIRST time you install a signed app and something in the platform to help protect users or the app. – user2339741 May 02 '13 at 21:52
  • Ok, I see your problem, but how should one stop this? Would it really be enough to ensure the identity of a person with a CA? Of course you could decide to block a person after he has done his first "hack". I think the reasons that this has not been done are two. 1. It would take a great deal of work evaluating the publishers and that would cost money. 2. The evaluation would make it harder and more expensive to publish, making Android a less attractive platform for developers. But it is a good idea to somehow evaluate the publishers. – Stefan Rasmusson May 03 '13 at 06:28
  • It isn't trivial and costs to acquire a code-signing certificate from trusted root CAs. Win32 code NOT signed by a CA-issued cert throws up warnings to proceed at your own risk. I realize that Google via the Play Store has some reasonable security infrastructure, including due diligence in antivirus detection of apps posted there and a process to reject apps signed by certs which cause problems to downloaders, but this is weaker than the CRL infrastructure in PKI. Convenience I agree is a driver for Android app deployment and I'm sure Google doesn't want to scare off users with too many warning dialogs. – user2339741 May 03 '13 at 19:32
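The rule the answer describes (an update is accepted only if it carries the same signer as the first install) and the two worries raised in the comments (a trusted first install that later turns hostile, and the absence of any way to block a particular signer) can be seen in a small model. The following is an added illustration written for this page, not Android's installer code and not anything from the answer's author. It assumes a simplified scheme: textbook RSA over two Mersenne primes stands in for the developer's self-signed X.509 key, the "fingerprint" is the SHA-256 of the public key rather than of a DER certificate, and the `denylist` of signer fingerprints is a hypothetical per-device control of the kind the question asks for, which stock Android does not provide. The developer and impostor keys and the APK contents are constructed demo values.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Key:
    """Minimal RSA key. d == 0 means a public-only key (what an APK embeds)."""
    n: int
    e: int
    d: int = 0

    def fingerprint(self) -> str:
        # SHA-256 over the public part only, standing in for a certificate fingerprint.
        return hashlib.sha256(f"{self.n}:{self.e}".encode()).hexdigest()

    def public(self) -> "Key":
        return Key(self.n, self.e)


def make_key(p: int, q: int, e: int = 65537) -> Key:
    # Textbook RSA from two primes: demo only, no padding scheme (no PSS/PKCS#1).
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return Key(n, e, d)


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key: Key, data: bytes) -> int:
    return pow(_digest(data, key.n), key.d, key.n)


def verify(pub: Key, data: bytes, sig: int) -> bool:
    return pow(sig, pub.e, pub.n) == _digest(data, pub.n)


# Two unrelated self-signed "developer" keys (constructed demo values, Mersenne primes).
ORIGINAL_DEV = make_key(2**31 - 1, 2**61 - 1)
IMPOSTOR = make_key(2**89 - 1, 2**107 - 1)


@dataclass(frozen=True)
class Apk:
    package: str
    version: int
    payload: bytes      # stands in for the archive contents the signature covers
    signer: Key         # embedded public key of whoever signed it
    signature: int


def build_apk(package: str, version: int, payload: bytes, key: Key) -> Apk:
    return Apk(package, version, payload, key.public(), sign(key, payload))


@dataclass
class Device:
    installed: dict = field(default_factory=dict)  # package -> (signer fingerprint, version)
    denylist: set = field(default_factory=set)      # hypothetical: blocked signer fingerprints

    def install(self, apk: Apk) -> str:
        if not verify(apk.signer, apk.payload, apk.signature):
            return "REJECT: signature does not verify"
        fp = apk.signer.fingerprint()
        if fp in self.denylist:
            return "REJECT: signer fingerprint is denylisted"
        pinned = self.installed.get(apk.package)
        if pinned is not None:
            pinned_fp, pinned_version = pinned
            if fp != pinned_fp:
                # The rule from the answer: updates must match the first install's signer.
                return "REJECT: signer differs from the installed version"
            if apk.version <= pinned_version:
                return "REJECT: version is not newer than the installed one"
        # First install: trust-on-first-use, the signer is pinned from here on.
        self.installed[apk.package] = (fp, apk.version)
        return "OK"


def demo() -> list:
    dev = Device()
    pkg = "com.example.notes"
    results = []
    results.append(dev.install(build_apk(pkg, 1, b"v1 contents", ORIGINAL_DEV)))
    # Legitimate update signed with the same key.
    results.append(dev.install(build_apk(pkg, 2, b"v2 contents", ORIGINAL_DEV)))
    # Attacker controls the publishing account but not the key: same package, own key.
    results.append(dev.install(build_apk(pkg, 3, b"malicious v3", IMPOSTOR)))
    # Tampered contents under a genuine signature made over different bytes.
    good = build_apk(pkg, 3, b"v3 contents", ORIGINAL_DEV)
    tampered = Apk(pkg, 3, b"v3 contents + backdoor", good.signer, good.signature)
    results.append(dev.install(tampered))
    # The "long hack": the original signer is later judged malicious; denylisting
    # its fingerprint (hypothetical control) blocks further updates from it.
    dev.denylist.add(ORIGINAL_DEV.fingerprint())
    results.append(dev.install(build_apk(pkg, 4, b"v4 contents", ORIGINAL_DEV)))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Two things the model makes concrete: the same-signer check catches an account takeover (case 3) and content tampering (case 4) without knowing who the signer is, but it says nothing about whether the first install was trustworthy; and blocking a signer after the fact needs a fingerprint denylist that the device consults on every install, which is the missing piece the question and comments are pointing at.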