> self-signed cert is not a "hard"
> requirement, but rather a questionable practice and in this regard,
> I'm curious if I'll have any problems with publishing apps on Android
> market when use non self-signed certs, but the ones signed by an
> approved CA?
>

These are two separate problems:
a) publishing to Android market
b) installing apk on device

For b), from what I know, the only requirement is that the application is signed with (any kind of) x509 certificate. reduces it to a primitive binary blob. That's why it's a code "signature".

> If you don't know anything about a signer and don't have anyone
> to ask about him, which is the case with self-signed certs, then you
> should not really trust to the content provided in its fields.
>

Yet another completely distinct problem. There are different approaches to measure trust: web of trust, chain of trust, ...
