There's no need to trust Apple with re-signing the binary, it just happens to be implemented that way. It throws away the reason for the original code signature, which was for the developer to securely say "I created this." You could just upload unsigned binaries to the App Store in this case, saving a lot of complicated work with maintaining signing profiles.
It's not that I don't trust Apple, it's that there's no reason to trust them in this case. Either stop forcing developers to deal with code signing for App Store apps or stop destroying their signature, allowing verification and logging of builds.
And yes, the same encrypted binary IPA is served to everyone, but it gets customized by the device/iTunes.
It's not that I don't trust Apple, it's that there's no reason to trust them in this case. Either stop forcing developers to deal with code signing for App Store apps or stop destroying their signature, allowing verification and logging of builds.
And yes, the same encrypted binary IPA is served to everyone, but it gets customized by the device/iTunes.