Revisiting the Package Signing Process

Because a process is tied to a package name, and a package name is tied to its signature, signatures play a role in securing the data belonging to a package. To fully understand the implications of this, let’s investigate the nature of the package signing process.

In Chapter 14, we introduced the mechanics of signing an application prior to installing on the device. However, we haven’t explored the need for and implications of the package signing process.

For example, when we download an application and install it on Windows or another operating systems, we don’t need to sign it. Why is signing mandated on an Android device? What does the signing process really mean? What does it ensure? Are there any real-world ...

Get Pro Android 4 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.