• Ferk
    18 hours ago

    Currently, in order for an Android app to appear in the official Store, the developer has to allow Google to repackage their app and sign it with Google's key. So while we can inspect what is there in the code of the app in git, we don’t really know what lands on our phones if installed via Google Play.

    You can still open an APK and decompile it… it being signed with a specific key is no different than the digital signatures some attach to their emails, it’s a way to prove authenticity, not a way to encrypt the message… you can open the email without having to even care about the signature.
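Added example, not part of the comment above: an APK is a ZIP archive, so its entries can be read and hashed no matter who signed it, which lets two builds be compared entry by entry while ignoring the signer's files. The function names and the in-memory sample archives are constructed for illustration; only v1 (JAR-style) signature files under META-INF/ are filtered, since v2+ signatures sit in a signing block outside the ZIP entries and are not returned by `zipfile` at all.

```python
import hashlib
import io
import zipfile

# v1 (JAR-style) signature files live under META-INF/ with these suffixes.
SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")

def is_signature_entry(name):
    upper = name.upper()
    return upper.startswith("META-INF/") and (
        upper == "META-INF/MANIFEST.MF" or upper.endswith(SIG_SUFFIXES))

def payload_digests(apk_bytes):
    """Return {entry name: SHA-256 hex} for every non-signature entry."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not info.is_dir() and not is_signature_entry(info.filename)
        }

def diff_payload(a, b):
    """Names of entries that were added, removed or changed between two APKs."""
    da, db = payload_digests(a), payload_digests(b)
    return sorted(n for n in da.keys() | db.keys() if da.get(n) != db.get(n))

def make_sample(entries):
    """Build a constructed APK-like ZIP in memory (sample data, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: same payload, different signer files; then one altered.
BASE = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex\n035\x00code"}
DEV_BUILD = make_sample({**BASE, "META-INF/CERT.RSA": b"developer-signature"})
STORE_BUILD = make_sample({**BASE, "META-INF/CERT.RSA": b"store-signature"})
ALTERED_BUILD = make_sample({**BASE, "classes.dex": b"dex\n035\x00other",
                             "META-INF/CERT.RSA": b"store-signature"})

if __name__ == "__main__":
    print(diff_payload(DEV_BUILD, STORE_BUILD))    # []
    print(diff_payload(DEV_BUILD, ALTERED_BUILD))  # ['classes.dex']
```

An empty diff means the two archives carry the same payload bytes under different signatures; any listed name is an entry worth decompiling and inspecting.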