当一个APK都有两个签名和一个签名有可用的升级,会发生什么? [英] What happens when an APK has two signatures and an upgrade with one signature is available?
问题描述
我通过亚马逊的应用程序商店,以及通过谷歌的应用商店发布的应用程序。
I am publishing an app via the Amazon app store as well as via Google's app store.
亚马逊迪克斯的APK,然后用自己的证书签名,而且还为您提供与您的证书签署修改后的APK的机会。
Amazon dicks with the APK and then signs it with their own cert, but also offers you the opportunity to sign the modified APK with your cert.
如果一个APK与两个证书签名和升级变得可用只有一个证书(即升级成为可从谷歌Play中的安装,这是最初是从亚马逊的商店)会发生什么?是否包管理器升级之前需要从两个证书签名?或任何单个证书?抑或是证书的一个优先?
If an APK is signed with two certs and an upgrade becomes available with just one cert (i.e. an upgrade becomes available from Google Play for an installation that was originally from Amazon's store) what happens? Does the Package manager require signatures from both certs before upgrading? Or any single cert? Or does one of the certs take priority?
推荐答案
我做了一些研究。
https://groups.google.com/forum/ #!话题/ Android的安全性讨论/ npRHQzzgErM
终极版:由于四年前,谷歌不知道
Redux: As of four years ago, Google does not know.
的http://www.escapades-in-security.com/blog/2012/12/android-apk-supersignature.html
终极版::建议要求该组签名相匹配的执行操作的模式,因此presumably升级将需要双签署
Redux: Suggests a pattern of requiring that the set of signatures match to perform an operation, so presumably upgrades would need to be double signed.
没有明确着呢,我开始认为,亚马逊没有添加第二个签名,不知道在那里我得到了这个想法。 (也许我是从这里: digitial签名亚马逊的应用程序商店)
Nothing definitive yet, and I am starting to to think that Amazon doesn't add a second signature, not sure where I got that idea from. (Maybe I got it from here: digitial signature amazon app store )
这篇关于当一个APK都有两个签名和一个签名有可用的升级,会发生什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
