I have developed an Android app that I am transferring to another person for further development. I understand that if the new developer uses the same keystore, the seamless upgrade process continues.
How does Android validate the certificate when it is updating apps? Does it just validate only signature or does it compare whole certificates along with the Subject name?
My problem is that the new developer would like to market the app under their company name, not mine, hence the Google account change. But the certificate also contains my name, and I would like to generate a new certificate with the same private key, which should produce an identical signature, but with a different Subject in the cert.
I have not used the certificate for any other apps, so I have no problem giving it away.
PS. Is it at all possible to upload the same application from another Google Account using the same keystore and package name so that seamless upgrade continues?
No. When a certificate is signed, it is the TBS field of the certificate that is signed. As you can see, the TBS field contains a Subject field.
Certificate  ::=  SEQUENCE  {
     tbsCertificate       TBSCertificate,
     signatureAlgorithm   AlgorithmIdentifier,
     signatureValue       BIT STRING  }

TBSCertificate  ::=  SEQUENCE  {
     version         [0]  EXPLICIT Version DEFAULT v1,
     serialNumber         CertificateSerialNumber,
     signature            AlgorithmIdentifier,
     issuer               Name,
     validity             Validity,
     subject              Name,
     subjectPublicKeyInfo SubjectPublicKeyInfo,
     issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version MUST be v2 or v3
So, you cannot change fields in the TBS. Either continue without changing the certificate (the subject) or create a new certificate with the other person's credentials. But for that you will have to deactivate your app and upload a fresh app (not as an update, but as a new app), which I think is not a good solution. So it is better to continue with your certificate.
It doesn't care about the actual 'details' (certificate DN, serial number, etc.), but just compares the certificates as binary blobs as told here. Since the certificates are different, you can't update an app originally signed with cert1 with another signed with cert2.
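The two answers above can be checked directly. The following Go program (an added example, not code from the question or the answers) does exactly what the asker proposed: it issues two self-signed certificates from one private key that differ only in the subject, then reports whether they share a public key, whether their signed TBS parts match, and whether they match as raw bytes, which is the comparison the second answer describes. The subject names are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// selfSigned issues a self-signed DER certificate for key with the given subject CN.
// Serial and validity are fixed so the subject is the only input that changes between calls.
func selfSigned(key *ecdsa.PrivateKey, cn string) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:     time.Date(2034, 1, 1, 0, 0, 0, 0, time.UTC),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// must aborts the demo on an unexpected error from key generation or certificate handling.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Demo reproduces the asker's plan: one key, two certificates that differ only in subject.
// It returns whether the two carry the same public key, the same signed TBS, and the same bytes.
func Demo() (sameKey, sameTBS, sameBlob bool) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	mine := must(selfSigned(key, "Original Developer")) // constructed subject names
	theirs := must(selfSigned(key, "New Company"))
	ca, cb := must(x509.ParseCertificate(mine)), must(x509.ParseCertificate(theirs))
	sameKey = bytes.Equal(ca.RawSubjectPublicKeyInfo, cb.RawSubjectPublicKeyInfo) // the asker's "same private key"
	sameTBS = bytes.Equal(ca.RawTBSCertificate, cb.RawTBSCertificate)             // the TBS carries the subject
	sameBlob = bytes.Equal(mine, theirs)                                          // the blob comparison the answer describes
	return
}
```

The run shows sameKey true but sameTBS and sameBlob false: a changed subject changes the signed TBS, so the certificate is a different blob even though the key is unchanged, which is why the existing certificate (not just the key) has to be carried over.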