I faced a similar issue: it seems like it has now become close to impossible to use your own signing / release key.

My understanding is that Google really wants to manage your keys so that you can't really mess up. If your app has a lot of users and you lose the signing key, IIRC you'll cause an outage due to the fact that existing users will not be able to update the app without uninstalling it and re-installing it, causing data loss.

I'd love to be corrected, as there might be some key rotation procedure in place that I'm unaware of. In any case, even if you owned the signing key, no one could theoretically stop Google from providing an APK signed with another key to the Play Store users, since at first install the apps trust whatever key you provide (and the only cross-check I'm aware of is, well, Play Protect, also owned by Google).
Not to be the devil's advocate, but how is just a signing key for an Android app/developer that is used for signing APKs and bundles comparable to "keys to your bank account"?
> You can sign those with your own key, but then you need to share your private upload key to keep compatibility. Or you don't share it and Google signs it with a new key, leaving old devices behind.

I don't get it: an app can't be updated if it's signed with a new key? Given that apps are sold all the time, and developers sometimes lose private keys themselves, this makes no sense.
It's also tangentially related to the app archiving feature of Android 15, which, in order to retain backward compatibility, replaces the full APK with a shim that you can simply open to initiate the app redownload. This allows the existing local app storage to be kept in place. You cannot replace the original APK with another one unless the signatures of both match.

https://www.androidauthority.com/android-15-app-archiving-demo-3425621/
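The same-signer rule the two comments above turn on (an update is only installed if it is signed by the same certificate as the build already on the device) is what a release pipeline should check before uploading. The script below is an added example, not code from this thread, from Google, or from the VideoLAN project: it parses the output of `apksigner verify --print-certs` (from the Android build-tools, assumed to be on PATH) for the published build and for the candidate build, and refuses the release if the SHA-256 certificate digests differ. The sample outputs embedded in it are constructed to match apksigner's line format, with placeholder digests rather than real certificates.

```python
import re
import subprocess
from typing import FrozenSet

# apksigner prints one line per signer in this shape (SHA-256 of the DER-encoded certificate):
#   Signer #1 certificate SHA-256 digest: <64 hex characters>
_DIGEST_RE = re.compile(
    r"^Signer .*certificate SHA-256 digest:\s*([0-9a-fA-F]{64})\s*$",
    re.MULTILINE,
)


def signer_digests(print_certs_output: str) -> FrozenSet[str]:
    """Return the set of SHA-256 certificate digests found in `apksigner verify --print-certs` output."""
    return frozenset(m.group(1).lower() for m in _DIGEST_RE.finditer(print_certs_output))


def apksigner_print_certs(apk_path: str, apksigner: str = "apksigner") -> str:
    """Run apksigner (assumed to be on PATH; the name is configurable) and return its stdout."""
    completed = subprocess.run(
        [apksigner, "verify", "--print-certs", apk_path],
        capture_output=True, text=True, check=True,
    )
    return completed.stdout


def update_compatible(installed_output: str, candidate_output: str) -> bool:
    """True if the candidate build is signed by exactly the same certificate(s) as the installed build.

    Android's package manager applies this rule on update: the key that signed the first install is
    the one it trusts from then on, so a candidate signed by a different key is refused on every
    existing device (the user would have to uninstall first, losing the app's local data).
    """
    installed = signer_digests(installed_output)
    candidate = signer_digests(candidate_output)
    if not installed or not candidate:
        raise ValueError("no SHA-256 signer digest found; expected `apksigner verify --print-certs` output")
    return installed == candidate


def check_release(published_apk: str, candidate_apk: str) -> bool:
    """CI gate: compare the build users already have against the build about to be uploaded."""
    return update_compatible(apksigner_print_certs(published_apk),
                             apksigner_print_certs(candidate_apk))


# Constructed sample output in apksigner's format; the digests are placeholders, not real certificates.
_PLACEHOLDER_SHA256 = "ab" * 32
SAMPLE_PUBLISHED = "\n".join([
    "Signer #1 certificate DN: CN=Example Dev, O=Example, C=FR",
    "Signer #1 certificate SHA-256 digest: " + _PLACEHOLDER_SHA256,
    "Signer #1 certificate SHA-1 digest: " + "ab" * 20,
    "Signer #1 certificate MD5 digest: " + "ab" * 16,
    "",
])
# Rebuilt with the same release key: updates cleanly on existing installs.
SAMPLE_SAME_KEY = SAMPLE_PUBLISHED
# Re-signed with another key (e.g. a new key after losing the old one): rejected as an update.
SAMPLE_NEW_KEY = SAMPLE_PUBLISHED.replace(_PLACEHOLDER_SHA256, "cd" * 32)


if __name__ == "__main__":
    import sys
    ok = check_release(sys.argv[1], sys.argv[2])
    print("same signer" if ok else "SIGNER MISMATCH: existing installs will refuse this update")
    sys.exit(0 if ok else 1)
```

Usage: `python check_signer.py published.apk candidate.apk`. If the app is enrolled in Play App Signing, the digest to compare against is the app signing certificate shown in the Play Console, not the certificate of the upload key you sign the bundle with, since Google re-signs the delivered APKs with the app signing key. The check is deliberately strict equality of signer sets; it does not understand the signing-certificate lineage of APK Signature Scheme v3, so a build that was legitimately rotated via a lineage would be flagged and needs review by hand.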
Some discussion from a few days ago, but on a less useful link. https://news.ycombinator.com/item?id=39798565
The only scenario that comes to mind would be Google repackaging a build after some subtle *changes*, signing it and sending it to a lawful intercept target. Are there other cases where the developer does not sign the package aside from selling the package to Google?
What's the point of Google asking for other people's private keys? That's not how asymmetric encryption schemes are supposed to be used! Google could sign packages with their own keys; I don't see what they gain from having VideoLAN's keys, except to impersonate them (which is fishy).
Are the Android and iPhone VLC apps similar? The macOS and Windows versions are *completely* different; I didn't know that and wanted to export my settings to match, and macOS has way fewer features.
Archive [1] *Just a snapshot in time of a growing mastodon thread*

[1] - https://archive.is/pzanE
[dupe]

More discussion over here last week: https://news.ycombinator.com/item?id=39789300