为什么 Android 允许安装证书过期的 APK?
我制作了一个使用有效期为 1 天的证书签名的 APK。我的目标是向某些人提供试用应用程序,但防止他们在过期日期后复制该应用程序。如果他们在过期日期之前复制应用程序,那就没问题。我认为 Android 操作系统会阻止任何证书过期的应用程序安装在手机上。但是,我发现在签名证书过期 2 天后,我可以在手机上安装该应用程序。 Jarsigner 确认证书已过期。为什么 Android 允许使用过期证书安装应用程序?
I made an APK signed with a certificate which has a validity of 1 day. My aim is to give a trial app to some people, but preventing them copying the application after the expiration date. If they copy the application before the expiration date that is okay. I thought that the Android OS would block any application with an expired certificate from being installed on the phone. However, I find that I can install the application on my phone 2 days after the expiration of the certificate with which it is signed. Jarsigner confirms that the certificate has expired. Why does Android allow an application to be installed with an expired certificate?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
据我所知,开发人员可以通过 adb 或三十方安装它。我确信如果您将其上传到市场,您会发现困难。恕我直言,这是合乎逻辑的,因为当您在市场之外安装应用程序时,您将承担许多使用正确签名的应用程序无法解决的风险。
I understand it is allowed to be installed by a developer via adb or thirty-party . I am sure if you upload it to the Market you'll find difficulties. IMHO, it is logical because when you install applications out of the Market you are assuming many risks that you couldn't solve with a right-signed application.