Revisiting the Package Signing Process
Because a process is tied to a package name, and a package name is tied to its signature, signatures play a role in securing the data belonging to a package. To fully understand the implications of this, let’s investigate the nature of the package signing process.
In Chapter 14, we introduced the mechanics of signing an application prior to installing on the device. However, we haven’t explored the need for and implications of the package signing process.
For example, when we download an application and install it on Windows or another operating systems, we don’t need to sign it. Why is signing mandated on an Android device? What does the signing process really mean? What does it ensure? Are there any real-world ...