Tuesday, 13 January 2015

Revisiting the Package Signing Process in Android.

A process is tied to a package name, and a package name is tied to its signature, signatures play a
role in securing the data belonging to a package.

For Example :

When we download an application and install it on Windows or another operating systems,
we don't need to sign it. Why is signing mandated on an Android device ? What does the signing process really mean? What does it ensure? We will cover it in further posts.

As packages are installed onto a device, it is necessary that each installed package has a unique
or distinct Java package name.

If you try to install a new package with an existing name, the device will disallow the installation
until the previous package is removed.

To allow this type of package upgrading,you must ensure that the same application publisher
is associated with that package.

Signing an .apk file ensures that, as a developer, you reserve that package name for you through
your digital signature.

No comments:

Post a Comment