← Back to context Comment by izacus 3 months ago All Android devices require signed binaries and have done so since 1.0. 2 comments izacus Reply noname120 3 months ago Red herring. Self-signed certificates have always been accepted, and generating a certificate is a one-liner: keytool -genkeypair -keystore mykey.jks -alias myalias -keyalg RSA The public testkey certificate is also accepted so you don’t even need to generate one. NoGravitas 3 months ago Yes, but then when you update the app, it has to be signed with the same certificate. Android effectively uses TOFU for apk signatures.
noname120 3 months ago Red herring. Self-signed certificates have always been accepted, and generating a certificate is a one-liner: keytool -genkeypair -keystore mykey.jks -alias myalias -keyalg RSA The public testkey certificate is also accepted so you don’t even need to generate one. NoGravitas 3 months ago Yes, but then when you update the app, it has to be signed with the same certificate. Android effectively uses TOFU for apk signatures.
NoGravitas 3 months ago Yes, but then when you update the app, it has to be signed with the same certificate. Android effectively uses TOFU for apk signatures.
Red herring. Self-signed certificates have always been accepted, and generating a certificate is a one-liner:
The public testkey certificate is also accepted so you don’t even need to generate one.
Yes, but then when you update the app, it has to be signed with the same certificate. Android effectively uses TOFU for apk signatures.