Comment by noname120
3 months ago
Red herring. Self-signed certificates have always been accepted, and generating a certificate is a one-liner:
keytool -genkeypair -keystore mykey.jks -alias myalias -keyalg RSA
The public testkey certificate is also accepted so you don’t even need to generate one.
Yes, but then when you update the app, it has to be signed with the same certificate. Android effectively uses TOFU for apk signatures.