Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why does Android allow an APK with an expired certificate to be installed?

I made an APK signed with a certificate which has a validity of 1 day. My aim is to give a trial app to some people, but preventing them copying the application after the expiration date. If they copy the application before the expiration date that is okay. I thought that the Android OS would block any application with an expired certificate from being installed on the phone. However, I find that I can install the application on my phone 2 days after the expiration of the certificate with which it is signed. Jarsigner confirms that the certificate has expired. Why does Android allow an application to be installed with an expired certificate?

like image 743
Patrick Avatar asked Apr 11 '11 18:04

Patrick


1 Answers

I understand it is allowed to be installed by a developer via adb or thirty-party . I am sure if you upload it to the Market you'll find difficulties. IMHO, it is logical because when you install applications out of the Market you are assuming many risks that you couldn't solve with a right-signed application.

like image 169
Urizev Avatar answered Sep 24 '22 17:09

Urizev