Note: For apps created before August 2021, you can still upload an APK and manage your own keys instead of using Play App Signing and publishing with an Android App Bundle. By letting Google manage your app signing key, it makes this process more secure. Devices only accept updates when its signature matches the installed app’s signature.
To ensure that app updates are trustworthy, every private key has an associated public certificate that devices and services use to verify that the app update is from the same source. If you want to learn more about Google’s infrastructure, read the Google Cloud Security Whitepaper.Īndroid apps are signed with a private key. Keys are protected by Google’s Key Management Service. When you use Play App Signing, your keys are stored on the same secure infrastructure that Google uses to store its own keys. To use Play App Signing in, you need to be an account owner or a user with the Release to production, exclude devices, and use Play App Signing permission, and you need to accept the Play App Signing Terms of Service. Play App Signing stores your app signing key on Google’s secure infrastructure and offers upgrade options to increase security. With Play App Signing, Google manages and protects your app's signing key for you and uses it to sign optimized, distribution APKs that are generated from your app bundles.
0 kommentar(er)
