Hi, Currently, Android's built-in application installer allows installation of any 3rd party application (.APK), as long as the application is digitally self-signed by the developer. I'm exploring the possibility to customize Android's code-base where it would allow only specific 3rd party applications to get installed, based on their digital certificates.
Essentially, the use case for this scenarios is: 1. During the application installation process (say downloading an application from Android Marketplace) , Android's built-in application installer compares the digital certificate of the application which is being installed with a digital certificate that is stored on the device. 2. If these certificates match, the installer installs allows the application application to get installed. If not, the installer does not allow the application to get installed. To do this, I'm trying to locate the code in the Android platform's code-base where the installer performs the digital certificate check during an application installation process. I guess this should be located somewhere in the Framework layer source code, but am not sure? I wasn't able to locate a reference that gives a detailed walk-through of the Android platform code-base, hence this question. Any pointers on this would be highly appreciated! Many thanks. Anurag -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
