Google also now managing app sigining keys, like F-Droid

hans 2017-05-18 08:34:07 UTC #1

Lol, so after all those raging debates and flames, it turns out that F-Droid was a pioneer and innovator, years ahead of Google. "With Google Play App Signing, you can securely manage your app signing keys for new or existing apps. Keys are stored on the same secure infrastructure Google uses to store its own keys."

https://support.google.com/googleplay/android-developer/answer/7384423

Anyone hear anything about Google's motivations for doing this?

nutomic 2017-05-19 13:10:18 UTC #2

From the article on Android Police (on mobile so no link), this is just to make things easier for developers. And also make it less likely that developers accidently lose their signing key.

hans 2017-06-23 13:49:58 UTC #3

That's one consideration. But I'm guessing that's just their public reason. I'll bet they did it for very different reasons. It basically is a reversal of the driving idea behind APK signatures since the beginning of Android: decentralized cryptography and Google Play never modifying the binaries.