Android: Sign for development only

J. Landman Gay jacque at hyperactivesw.com
Sat Dec 4 17:14:38 EST 2021


I think it depends on how much you trust the recipient. The debug key is not secure. The 
default password for a debug key is "android".

I found this on stackoverflow 
<https://stackoverflow.com/questions/38864358/difference-between-debug-and-release-apks>:

"release apks must be decompressed and manually modified and recompressed+resigned by debug 
certificate, to be debuggable by other people. Accessing code is always available for every 
user, the release is "obfuscated", not "blocked". You can't hide code from user, who must be 
able to run the code, at some stage the code must be available to user, and at that moment 
skilled user can copy the code and explore/reverse engineer."

I think that means someone with the right skills could alter your app, since the default 
password is known.

I couldn't find any info about verifying the signing key without a developer account, but you 
could post a message to Google and ask if there is a way to purchase a developer account 
without a credit card.
<https://support.google.com/pay/gethelp>
They will accept a bank debit card if you have one.

If you are quite sure that your client is the only one who will use your app, and that no other 
person will have access to it, then I think it's probably okay to sign for development only. 
But it isn't really very secure.


On 12/3/21 10:31 AM, Klaus major-k via use-livecode wrote:
> Hi friends,
> 
> does it have any limitations if I "Sign for development only"?
> 
> I mean, once the user defined the URL to the APK as "trustworthy"
> in his security settings on his/her cellphone, he/she can download
> and install the app without any problems and dialogs.
> 
> I tried with a "selfsigning certificate", worked fine, but the user gets
> two warning dialogs:
> 1. Unknown developer...
> 2. Upldoad app for checking to GOOGLE...
> 
> Not as nice as an unsigned app, see above. :-)
> 
> Too bad you can ONLY pay the developer fee via a CREDITCARD!
> Big fun, Google!
> 
> OK, any hints welcome!
> 
> 
> Best
> 
> Klaus
> 
> --
> Klaus Major
> https://www.major-k.de
> https://www.major-k.de/bass
> klaus at major-k.de


-- 
Jacqueline Landman Gay         |     jacque at hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com



More information about the use-livecode mailing list