Monday, 7 September 2020

What Stops Google From Modifying Our APKs That It Signs Via the App Signing Service?

As a follow-up to this question, I am trying to figure out what stops Google from modifying our apps that it signs and distributes. Regardless of whether we distribute an APK or an App Bundle, the App Signing service strips away whatever signature that we have and Google signs the APKs that it distributes. In the case of the App Bundle, this will result in several APKs, akin to what bundletool generates.

But since an APK is just a ZIP archive with compiled code and resources, it seems as though Google could modify that as they see fit before signing, including adding or replacing code.

Google has stated:

we don’t modify and distribute your application code without your knowledge and approval

and:

As stated before, Play will not modify the functionality of your application without your knowledge and approval.

Notably, Google used "don't" and "will not"... as opposed to "can't" and "cannot". In fact, in the same post, we see:

For apps uploaded as app bundles, we will improve this security by introducing what is called a source stamp. This source metadata is inserted into the app’s manifest by bundletool.

So, we know of at least one modification, albeit to metadata.

Plus, the Amazon AppStore for Android modifies APKs before re-signing them:

Regardless of whether you choose to apply Amazon DRM, Amazon wraps your app with code that enables the app to communicate with the Amazon Appstore client to collect analytics, evaluate and enforce program policies, and share aggregated information with you. Your app will always communicate with the Amazon Appstore client when it starts, even if you choose not to apply DRM.

Amazon removes your signature and re-signs your app with an Amazon signature that is unique to you, does not change, and is the same for all apps in your account.

Amazon has been doing this sort of thing for a decade.

It seems as though Google should have the same technical capability as does Amazon.

So, is there anything that I am missing that prevents Google from adding to or modifying the code in APKs that it re-signs and distributes?
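As an added example that is not part of the original post: because an APK is a ZIP archive, a developer can detect after the fact whether a store changed anything by comparing a locally built APK with the one the store distributes, entry by entry. The function names and the in-memory sample archives are constructed for illustration. The v1 signature files under META-INF are skipped because re-signing always replaces them, and a changed AndroidManifest.xml is expected where metadata such as the source stamp quoted above is inserted.

```python
import hashlib
import io
import re
import zipfile

# JAR (v1) signature files; these always change when a store re-signs.
SIG_FILES = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$", re.I)

def entry_digests(apk):
    """Map entry name -> SHA-256 of uncompressed content, skipping v1 signature files."""
    digests = {}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir() or SIG_FILES.match(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def diff_apks(built, distributed):
    """Return entries added, removed or changed between the two archives."""
    a, b = entry_digests(built), entry_digests(distributed)
    return {
        "added": sorted(b.keys() - a.keys()),
        "removed": sorted(a.keys() - b.keys()),
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }

def _make_apk(entries):
    """Build a constructed in-memory ZIP standing in for an APK (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf

def demo():
    # Constructed sample: "distributed" is re-signed, has an altered dex and an extra dex.
    built = _make_apk({"classes.dex": b"dex-v1", "res/a.png": b"img",
                       "META-INF/CERT.SF": b"dev", "META-INF/CERT.RSA": b"dev"})
    dist = _make_apk({"classes.dex": b"dex-v1+wrapper", "classes2.dex": b"extra",
                      "res/a.png": b"img", "META-INF/STORE.SF": b"store",
                      "META-INF/STORE.RSA": b"store"})
    return diff_apks(built, dist)

if __name__ == "__main__":
    print(demo())
```

With real files, pass the two APK paths to diff_apks; any added or changed classes*.dex or native library entry is what to investigate first.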


