Do you think they won’t have a provision to revoke developer’s signing keys for reasons they determine? If they don’t, the whole malware-fighting angle would be meaningless. Once developer’s keys are revoked, their apps become uninstallable on Android that ships with Google apps. They could also easily uninstall apps signed with revoked keys.
I assume they’ll do this using chain of trust where they give signing keys to verified devs so that the apps don’t have to be signed by Google, but Android can still check if an app was signed by a Google-issued key.
Is that right!?
Giving up the app signing keys would allow Google to publish anything in your name. This sounds like a nightmare.
Surely there could be some equivalent to DNS confirmation by adding a key provided by Google to a txt record (or the signed app)
Do you think they won’t have a provision to revoke developer’s signing keys for reasons they determine? If they don’t, the whole malware-fighting angle would be meaningless. Once developer’s keys are revoked, their apps become uninstallable on Android that ships with Google apps. They could also easily uninstall apps signed with revoked keys.
I assume they’ll do this using chain of trust where they give signing keys to verified devs so that the apps don’t have to be signed by Google, but Android can still check if an app was signed by a Google-issued key.
E: Looking at this it says:
So you give your keys and I suppose they allowlist that package and keys. That means they’ll be able to revoke individual apps as well as dev keys.
Is that right!? Giving up the app signing keys would allow Google to publish anything in your name. This sounds like a nightmare.
Surely there could be some equivalent to DNS confirmation by adding a key provided by Google to a txt record (or the signed app)
The pub key could be enough to check if an app was signed with the private key.