Home/ Questions/Q 8863499
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T15:59:37+00:00

I have developed an Android app that I am transferring to another person to

  • 0

I have developed an Android app that I am transferring to another person to further development. I have understood that if the new developer uses the same keystore, the seamless upgrade process continues.

How does Android validate the certificate when it is updating apps? Does it just validate only signature or does it compare whole certificates along with the Subject name?

My problem is that the new developer would like to market the app under their company name, not mine, hence the Google account change. But the certificate also contains my name and I would like to generate new certificate with the same private key, which should produce identical signature, but with different Subject in the Cert.

I have not used the certificate for any other apps, so I have no problem giving it away.

PS. Is it at all possible to upload the same application from another Google Account using the same keystore and package name so that seamless upgrade continues?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    No, when a certificate is signed the TBS field of the certificate is signed. As you can see the TBS filed contains a Subject field.

     Certificate  ::=  SEQUENCE  {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING  }

   TBSCertificate  ::=  SEQUENCE  {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3

    So, you cannot change fields in the TBS. Either continue without changing the certificate(the subject) or create a new certificate with the other person’s credentials. But for that you will have to deactivate your app. And upload a fresh app(not as an update, but as a new app), which I think is not a good solution. So it is better to continue with your certificate.

    It doesn’t care about the actual ‘details’ (certificate DN, serial number, etc.), but just compares the certificates as binary blobs as told here. Since the certificates are different, you can’t update an app originally signed with cert1 with another signed with cert2.

    • 0