Android package signature introduction
Why is the signature required?
With so many people developing for Android, it is entirely possible that different developers will choose the same class name and package name. How can their applications be told apart? The signature is what distinguishes them.
Because a developer may use the same package name to impersonate and replace an installed program, the signature ensures that packages with the same name but different signatures do not replace one another.
If an APK is signed with one key, a file signed with a different key cannot be installed over it or overwrite the old version at release time, which prevents your installed application from being overwritten or replaced by malicious third parties.
In this way, the signature is actually the developer's identity. If a transaction is later denied (repudiated), the signature can prevent that denial.
Signature considerations
- All Android applications must be digitally signed. There are no applications without a digital signature, including those running on emulators. Android does not install applications without a digital certificate.
- The digital certificate used for signing does not need to be certified by an authority. It is generated by the developer, that is, it is a self-signed certificate.
- When officially releasing an Android application, you must sign the program with a digital certificate generated from an appropriate private key. You cannot publish the application with the debug certificate generated by the ADT plug-in or the Ant tool.
- Digital certificates have a validity period. Android only checks the validity period of the certificate when the application is installed. If the program is already installed on the system, its normal functions are not affected even if the certificate expires.
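
The rules from both sections above, combined into one install-time decision. This Python model is an added example, not code from the original page or from Android itself; it applies the rules as this page describes them. The names `Cert`, `Apk`, `install` and `release_warnings`, and all sample certificates, are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

DEBUG_SUBJECT = "CN=Android Debug,O=Android,C=US"  # subject of the SDK debug certificate

@dataclass(frozen=True)
class Cert:
    der: bytes              # constructed stand-in for the DER-encoded certificate
    subject: str
    not_before: datetime
    not_after: datetime

    @property
    def fingerprint(self) -> str:
        # The signer's identity is the certificate itself, not the package name.
        return hashlib.sha256(self.der).hexdigest()

@dataclass(frozen=True)
class Apk:
    package: str
    signer: Optional[Cert]  # None models an unsigned package

def install(installed: dict, apk: Apk, now: datetime) -> str:
    """Apply the page's install-time rules; `installed` maps package -> signer fingerprint."""
    if apk.signer is None:
        return "REJECT: unsigned"
    # Validity is checked here only; nothing re-checks it for installed apps.
    if not (apk.signer.not_before <= now <= apk.signer.not_after):
        return "REJECT: certificate outside validity period"
    known = installed.get(apk.package)
    if known is not None and known != apk.signer.fingerprint:
        return "REJECT: same package name, different signer"
    installed[apk.package] = apk.signer.fingerprint
    return "UPDATED" if known else "INSTALLED"

def release_warnings(apk: Apk) -> list:
    """Pre-release check: a debug-signed build must not be published."""
    if apk.signer and apk.signer.subject.replace(", ", ",") == DEBUG_SUBJECT:
        return ["signed with the debug certificate"]
    return []

# Constructed sample data (not real certificates).
DEV = Cert(b"dev-release-cert", "CN=Example Dev", datetime(2020, 1, 1), datetime(2045, 1, 1))
OTHER = Cert(b"other-cert", "CN=Someone Else", datetime(2020, 1, 1), datetime(2045, 1, 1))
DEBUG = Cert(b"debug-cert", DEBUG_SUBJECT, datetime(2024, 1, 1), datetime(2054, 1, 1))
```

An expired certificate blocks only new installs and updates in this model; the entry already recorded in `installed` is left untouched, matching the last consideration above.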