Re: Android: Sign for development only

Sat, 04 Dec 2021 14:16:26 -0800

I think it depends on how much you trust the recipient. The debug key is not secure. The default password for a debug key is "android".
I found this on stackoverflow <https://stackoverflow.com/questions/38864358/difference-between-debug-and-release-apks>: 


"release apks must be decompressed and manually modified and recompressed+resigned by debug 
certificate, to be debuggable by other people. Accessing code is always available for every 
user, the release is "obfuscated", not "blocked". You can't hide code from user, who must be 
able to run the code, at some stage the code must be available to user, and at that moment 
skilled user can copy the code and explore/reverse engineer."



I think that means someone with the right skills could alter your app, since the default 
password is known.



I couldn't find any info about verifying the signing key without a developer account, but you 
could post a message to Google and ask if there is a way to purchase a developer account 
without a credit card.

<https://support.google.com/pay/gethelp>
They will accept a bank debit card if you have one.


If you are quite sure that your client is the only one who will use your app, and that no other 
person will have access to it, then I think it's probably okay to sign for development only. 
But it isn't really very secure.



On 12/3/21 10:31 AM, Klaus major-k via use-livecode wrote:

Hi friends,

does it have any limitations if I "Sign for development only"?

I mean, once the user defined the URL to the APK as "trustworthy"
in his security settings on his/her cellphone, he/she can download
and install the app without any problems and dialogs.

I tried with a "selfsigning certificate", worked fine, but the user gets
two warning dialogs:
1. Unknown developer...
2. Upldoad app for checking to GOOGLE...

Not as nice as an unsigned app, see above. :-)

Too bad you can ONLY pay the developer fee via a CREDITCARD!
Big fun, Google!

OK, any hints welcome!


Best

Klaus

--
Klaus Major
https://www.major-k.de
https://www.major-k.de/bass
kl...@major-k.de



--
Jacqueline Landman Gay         |     jac...@hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com

_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode






















					Reply via email to