Support for verifying Google Play security metadata #196
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://android-developers.googleblog.com/2018/06/google-play-security-metadata-and.html
Request:
Could AppVerifier verify Google Play security metadata?
Rationale:
AppVerifier verifying the Google Play security metadata will allow people to use untrusted sources where APKs are redistributed, such as apkmirror.com and others, while ensuring the integrity and root of trust of obtained applications.
Google Play security metadata is verified offline by the Google Play Store Android application, and the metadata is kept intact when transferring the apks, or backing them up from a device. It is written by on the Android Developers Blog, that the "metadata addition" is "inserted into the APK Signing Block."
Time cost:
It seems to me that this could be possiible, potentially requiring at most some reverse engineering of the Google Play Store application, or analysis of the signing blocks of APKs served by the Google Play Store.
The text was updated successfully, but these errors were encountered: