
What is going to happen when the first Android keystore certificates expire?

As far as I remember, 10 years was the default setting when creating a keystore in Eclipse. I think, about 5 years ago, Android development got kind of mainstream so I expect a lot of apps to be un-updatable in the Play Store in 5 years.

So far, I haven't found a solution on how to "prolong" a certificate's lifetime. Is there one? Will Google implement a way to set up your app with a new certificate? Of course, my scenario doesn't affect TOO many apps but I think there will be a considerable amount of SO questions on just that in 3-5 years.

Any ideas?

asked Jul 22 '17 22:07

user2875404




1 Answer

Google Play has always required a certificate to be valid for at least 25 years.

Starting with minSdkVersion 28, it's possible to change certificates. So, app developers will probably want to drop support for older versions about a year before their certificates expire. Then, for the remainder of the old certificate's lifetime, updates will be signed with both old and new certificates, and then only with the new certificate after that.

answered Sep 18 '22 12:09

j__m
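
The timeline in the answer above can be checked against a real signing certificate. This is an added example, not part of the original question or answer: it assumes the `openssl` command-line tool is installed, and the function names and phase labels (`old-only`, `dual-sign`, `new-only`) are made up for this illustration.

```shell
#!/bin/sh
# Classify a signing certificate against the rotation timeline from the answer.
# Input is a PEM certificate, e.g. exported from the release keystore with
#   keytool -exportcert -rfc -alias <alias> -keystore <keystore> -file cert.pem
# (<alias> and <keystore> are placeholders for your own values).

YEAR_SECONDS=$((365 * 24 * 3600))

# Print the signing phase for the certificate at path $1:
#   old-only  : more than a year of validity left, keep signing as before
#   dual-sign : less than a year left; per the answer, sign with both the old
#               and the new certificate (needs minSdkVersion 28)
#   new-only  : certificate has expired, sign with the new certificate only
rotation_phase() {
    cert=$1
    # Reject missing files and anything that is not a parseable certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "unreadable"
        return 2
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "new-only"
    elif ! openssl x509 -in "$cert" -noout -checkend "$YEAR_SECONDS" >/dev/null 2>&1; then
        echo "dual-sign"
    else
        echo "old-only"
    fi
}

# Build a constructed, throwaway self-signed certificate for trying this out.
# $1 = validity in days, $2 = output PEM path. The private key is discarded.
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=constructed-example" \
        -days "$1" -keyout "$2.key" -out "$2" 2>/dev/null
    rm -f "$2.key"
}

# Stand-alone use: ./rotation_phase.sh cert.pem
if [ $# -gt 0 ]; then
    openssl x509 -in "$1" -noout -enddate 2>/dev/null
    rotation_phase "$1"
fi
```
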