Android does not currently support code certificates, as Windows does with Authenticode.
Let me explain it better.
On Windows, signing with Authenticode creates trust from the executable to your company. If you are running Vista / Seven (8?), the UAC prompts show the author of the program when a valid certificate is present, otherwise a yellow prompt warns that the software is unsigned. This will help you decide whether to launch the application.
In Android, no copyright information is ever displayed when you install the program. It is important to have secret keys. When the APK is signed with the same key as the installed application:
- Sure, this is the same author.
- If the package name matches, you can upgrade the existing application
- If this is another application, you can access the personal data of another application, for example, the Authenticator saved passwords. In general, APKs from the same provider (private key) operate under the same UID.
My answer is to remind your boss that Android costs almost nothing in today's ecosystem. I have not tried Symantec, but I believe that they are unlikely to offer you a remote signing tool, where they own private keys, you send the APK-end, and they return the signed APK to you. If anyone knows that I'm wrong, tell me.
My source is the official Android documentation. The document says: "The certificate should not be signed by a certification authority: it is quite acceptable and typical for Android applications to use self-signed certificates." Does not mean, of course, does not mean cannot be.
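The key-continuity behaviour described in the answer above, as an added example that is not part of the original post: a simplified Python model of the install-time signer check, in which an upgrade or a shared UID is granted only when the certificate digest matches and no CA chain is consulted. The package names and certificate bytes are constructed, the `Device` class is hypothetical, and the model assumes a shared UID is requested through `android:sharedUserId` in the manifest.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Apk:
    package: str
    cert: bytes                           # constructed stand-in for the signer's certificate
    shared_user_id: Optional[str] = None  # android:sharedUserId, if the manifest declares one

class Device:
    """Simplified model: signer identity is the certificate digest, no CA chain involved."""
    def __init__(self):
        self.installed = {}   # package name -> (cert digest, uid)
        self.shared = {}      # sharedUserId -> (cert digest, uid)
        self.next_uid = 10000

    def install(self, apk: Apk) -> str:
        digest = hashlib.sha256(apk.cert).hexdigest()
        if apk.package in self.installed:
            # Upgrade: accepted only if the signer matches the installed copy.
            if self.installed[apk.package][0] != digest:
                return "REJECTED: signer differs from installed package"
            return "UPGRADED"
        if apk.shared_user_id in self.shared:
            # Joining an existing UID: only the signer that created it may do so.
            owner, uid = self.shared[apk.shared_user_id]
            if owner != digest:
                return "REJECTED: shared UID belongs to another signer"
        else:
            uid, self.next_uid = self.next_uid, self.next_uid + 1
            if apk.shared_user_id:
                self.shared[apk.shared_user_id] = (digest, uid)
        self.installed[apk.package] = (digest, uid)
        return f"INSTALLED uid={uid}"

def demo():
    vendor, other = b"constructed-cert-vendor", b"constructed-cert-other"
    d = Device()
    return [
        d.install(Apk("com.example.auth", vendor, "com.example.shared")),
        d.install(Apk("com.example.auth", vendor, "com.example.shared")),
        d.install(Apk("com.example.auth", other)),
        d.install(Apk("com.example.viewer", vendor, "com.example.shared")),
        d.install(Apk("com.example.viewer2", other, "com.example.shared")),
        d.install(Apk("com.example.viewer2", other)),
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```

Because the decision rests only on the digest, whoever holds the private key can ship upgrades and join the shared UID, which is why key custody matters more than who issued the certificate.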