Is that right!?
Giving up the app signing keys would allow Google to publish anything in your name. This sounds like a nightmare.
Surely there could be some equivalent to DNS confirmation by adding a key provided by Google to a txt record (or the signed app)
Is that right!? Giving up the app signing keys would allow Google to publish anything in your name. This sounds like a nightmare.
Surely there could be some equivalent to DNS confirmation by adding a key provided by Google to a txt record (or the signed app)
The pub key could be enough to check if an app was signed with the private key.