Hacker News new | past | comments | ask | show | jobs | submit login

So yes, Google Play has let you rotate your key for a few years now, but a) Riot/Android was set up before that was a thing, b) It gives Google the ability to push their own updates to your app, which some of the more paranoid users might object to. So we set it back up with our own key again this time, but this time will protect it with our lives...

Edit: https://developer.android.com/studio/publish/app-signing#app... is the type of key rotation i was talking about here.

actually, the mechanism described in https://www.androidpolice.com/2018/08/13/android-pie-include... sounds different to this, but given it mandates Android 9.0, we can't use that either yet. (Our minimum Android is still 4.1...)

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact