APKs on the Play Store look like they have been signed by the author. They aren't. Play Store requires the author to hand over his private signing key to Google. Since the APKs are repackaged to reduce download time (only what you need on your specific device), they are all signed on delivery.
When I reported that as bug, because it is so wrong in many ways, Google told me, my key is as well secured as any other Google key.
Yeah, the PRISM member Google tells me that.
Bernd Paysan R.I.P Natenom 🕯️ /
npub1jr…n7fcl
2024-05-26 03:19:32
in reply to nevent1q…9zex
Author Public Key
npub1jre64lckn3ftn5mp3mmwecj7ysk3mny8k3cxwwe6rlskauvc5dqszn7fclPublished at
2024-05-26 03:19:32Event JSON
{
"id": "88c9750322a20a53c8eb4a027b6a67414116177b8a0248d753712b60eb4210fc",
"pubkey": "90f3aaff169c52b9d3618ef6ece25e242d1dcc87b470673b3a1fe16ef198a341",
"created_at": 1716693572,
"kind": 1,
"tags": [
[
"e",
"8d9366603bdd72e3c09206c57b076558d28be1deb8cda096d5a12ed0efb61340",
"",
"root"
],
[
"p",
"7cdb5a5339aabd69746e3f3b79ea3b5d493bc55de54af790a16f13d51831ec06"
],
[
"proxy",
"https://mastodon.net2o.de/@forthy42/112505229948870424",
"web"
],
[
"proxy",
"https://mastodon.net2o.de/users/forthy42/statuses/112505229948870424",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.net2o.de/users/forthy42/statuses/112505229948870424",
"pink.momostr"
]
],
"content": "APKs on the Play Store look like they have been signed by the author. They aren't. Play Store requires the author to hand over his private signing key to Google. Since the APKs are repackaged to reduce download time (only what you need on your specific device), they are all signed on delivery.\n\nWhen I reported that as bug, because it is so wrong in many ways, Google told me, my key is as well secured as any other Google key.\n\nYeah, the PRISM member Google tells me that.",
"sig": "f780d72670a3e7c7f4b741ade1cf07f398e7e3b81c043aec893712794f2793a225959fb129036a3ed8392272ee17eeb0fd67e8c32f162fe5294f841b37bcd010"
}